Last week, a threat actor going by the name of ChinaDan offered more than 23TB of data for sale on Breach Forums. The user stated that the data is from a leaked Shanghai National Police Database. In the post, ChinaDan claims that information on over one billion Chinese citizens is available. The current asking price for the information is 10 bitcoin, or roughly $200,000. The news of this breach has caused a lot of discussion on Chinese social media platforms, but it has not yet been possible to verify the claims. If this breach proves to be legitimate, it will be one of the biggest breaches ever reported.
Personally Identifiable Information (PII) is one of the most sought-after items for threat actors. The information can be used for many different attacks, as well as be sold for a hefty profit on criminal forums. Any entity that collects and stores data of patrons is responsible for the safe keeping of that data. They should ensure best practices are in place for storing sensitive information and continually improve upon their security measures as the threat landscape evolves. Many countries are beginning to implement their own set of regulations surrounding data privacy. Companies should stay up to date on their policies and follow them in any data theft event.