Behind the Hack: "Shanghai Police"

Target: The Chinese government
Date of operation: Reported in July 2022 (the breach occurred at an unspecified earlier date)
 
Quick take: In June 2022, a cybercriminal attempted to sell a 23-terabyte database – which may contain the records of as many as a billion Chinese citizens – that had been stolen from police in Shanghai. The New York Times reports that the stolen trove of data includes addresses, government-issued identification numbers, police case records, phone numbers, whether an individual has been named a “key person” by public security authorities, and other types of sensitive information. The cybercriminal who possessed the database tried to sell it for roughly $200,000 in Bitcoin. 
Why it matters: According to a July 7 report by The New York Times, the database had been “left online, unsecured, for months, security researchers said, in what is probably the largest known breach of Chinese government computer systems.” The Chinese government quickly suppressed hashtags such as “Shanghai data leak,” “data leak of one billion citizens,” and “data leak” on social media, which was an indicator that officials were concerned about how the breach would be perceived. 
The Shanghai breach is a reminder that simple mistakes – in this case, leaving a large amount of data unsecured where it could easily be stolen – can have an impact on millions or even hundreds of millions of people. Consumers are increasingly aware that their sensitive personal information is at risk, which is why it’s no surprise that two-thirds of Americans say the potential risks of the government collecting their data outweigh the benefits, and 81 percent say the same when it comes to data collected by companies. 
Responsible data collection and storage has never been more important for maintaining consumer trust. 
We’ve got a hack for that: The Shanghai breach should be a warning to companies and consumers alike – as larger volumes of sensitive personal data are gathered, breaches will be increasingly wide-reaching and destructive. According to Verizon’s 2022 Data Breach Investigations Report, 82 percent of breaches involve a human element. That is why cybersecurity awareness is so crucial for companies trying to earn consumer trust at a time when the cost of cyberattacks is surging. 
Proper data management – which encompasses how data is gathered, shared, and stored – is everyone’s responsibility. NINJIO keeps employees engaged with cybersecurity awareness content based on real-world breaches like the one that took place in Shanghai. Our platform is designed to establish a culture of cybersecurity across the entire organization, which reduces the likelihood of costly mistakes in the handling of sensitive information.