Chinese authorities say they have uncovered a massive underground operation involving the sale of Apple users’ personal data. Twenty-two people have been detained on suspicion of infringing individuals’ privacy and illegally obtaining their digital personal information, according to a statement Wednesday from police in southern Zhejiang province.
Of the 22 suspects, 20 were employees of an Apple “domestic direct sales company and outsourcing company”. The suspects allegedly used an internal company computer system to gather users’ names, phone numbers, Apple IDs, and other data, which they sold as part of a scam worth more than 50 million yuan ($7.36 million).
The statement referred to “domestic employees of Apple” but it was unclear whether they were directly employed by the company or by Apple suppliers or vendors. It also did not specify whether the data belonged to Chinese or foreign Apple customers.
An Apple spokesman declined to comment on the matter. The local police did not respond to requests for comment.
Following months of investigation, the statement said, police across more than four provinces — Guangdong, Jiangsu, Zhejiang, and Fujian — apprehended the suspects over the weekend, seizing their “criminal tools” and dismantling their online network.
The suspects allegedly charged between 10 yuan ($1.50) and 180 yuan ($26.50) for pieces of the illegally extracted data.
The sale of personal information is common in China, which implemented on June 1 a controversial new cybersecurity law aimed at protecting the country’s networks and private user information.
In December, an investigation by the Southern Metropolis Daily newspaper exposed a black market for private data gathered from police and government databases. Reporters successfully obtained a trove of material on one colleague — including flight history, hotel checkouts and property holdings — in exchange for a payment of 700 yuan ($100).