The warning was issued after a cyberattack from abroad targeting the database of a domestic e-commerce platform, according to Global Times on March 1.
Data storage services allow businesses to deliver data to companies specializing in management, maintenance and security. This model helps reduce costs and improve operational efficiency. However, security agencies recommend potential data leakage risks that need to be closely monitored.
According to the announcement, many businesses choose to put data into storage companies, which are likened to "digital banks". But if not controlled well, vulnerabilities can lead to information leaks, affecting national security.
Some confidential information processing units have not carefully checked the security capacity and legal conditions of service providers. At a cybersecurity forum, functional agencies discovered that customer information of financial institutions was being advertised for sale.
The source of the leak was identified as coming from a small technology company without a financial data processing license. This company employee took advantage of management loopholes to upload customer data and sell it on the online "black market", causing widespread leaks and threatening national financial security.
The announcement also said that foreign spy groups and cybercriminals are increasingly targeting the field of data storage.
Hackers abroad use big data analysis to identify targets and infiltrate the database of a Chinese e-commerce platform. Hackers have copied large volumes of user data, including sensitive information related to procurement for key infrastructure projects and high-tech scientific research documents.
The Chinese Ministry of National Security emphasizes that data security is part of national security. According to China's data security law, data processing organizations must fulfill their protection obligations and must not harm national security, public interests and the legitimate rights of individuals and organizations.
This agency calls on data outsourcing businesses to strengthen internal supervision, technically assess partner capacity, clearly stipulate security responsibilities in contracts and regularly assess risks.
At the same time, both the lessee and the service provider need to tighten personnel management and organize periodic security training to protect national data security.
