China: Leaked database reveals Chinese firm’s global data collection


A leaked database shows a small company has collected personal data on 2.4 million people worldwide to feed intelligence to the Chinese government, media outlets reported in September 2020.

The data collected by Chinese firm Zhenhua Data includes addresses, birthdates, marital status, criminal records and political associations, Forbes magazine reported. It was largely harvested from social media profiles on Twitter, Facebook, Crunchbase, TikTok and LinkedIn. About 20%, however, comes from nonpublic sources. Only part of the database was recovered. It contains profiles of 52,000 U.S. residents, 35,000 Australians, 10,000 Indians, 9,700 Britons and 5,000 Canadians.

The data includes biographies and service records of U.S. Navy officers, including aircraft carrier captains. The firm also collected tweets from overseas U.S. military installations and social media chats among China watchers in Washington, The Washington Post newspaper reported. The information has been collected since 2017 for the stated purpose of providing intelligence to Chinese military, commercial and government clients, the Post reported.

The company left a copy of the database unsecured on the internet, where it was retrieved by an Australian cyber security consultancy.

Robert Potter, founder of the Australia-based Internet 2.0 cyber security company, and Christopher Balding, an independent researcher, provided an incomplete copy of the database to news organizations. Potter and Balding said they downloaded and reconstructed about 10% of the database, which is estimated to be about 1 terabyte of text. “Open liberal democracies must consider how best to deal with the very real threats presented by Chinese monitoring of foreign individuals and institutions outside established legal limits,” Balding said.