[BreachExchange] Data Leak Exposes Details of Two Million Chinese Communist Party Members

Destry Winant destry at riskbasedsecurity.com
Mon Dec 14 10:26:40 EST 2020


https://www.infosecurity-magazine.com/news/data-leak-chinese-communist-party/

Sensitive data of around two million members of the Communist Party of
China (CPC) have been leaked, highlighting their positions in major
organizations, including government agencies, throughout the world.

According to reports from The Australian newspaper, featured in the
Economic Times, the information includes official records such as
party position, birthdate, national ID number and ethnicity. It
revealed that members of China’s ruling party hold prominent positions
in some of the world’s biggest companies, including in pharmaceutical
giants involved in the development of COVID-19 vaccines like Pfizer
and financial institutions such as HSBC.

The investigation by The Australian centred around the data leak,
which was extracted from a Shanghai server in 2016 by Chinese
dissidents.

It noted that CPC members are employed as senior political and
government affairs specialists in at least 10 consulates, including
the US, UK and Australia, in the eastern Chinese metropolis Shanghai.
The paper added that many other members hold positions inside
universities and government agencies.

The report emphasized there is no evidence that spying for the Chinese
government or other forms of cyber-espionage have taken place.

In her report, The Australian journalist and Sky News host Sharri
Markson commented: "What's amazing about this database is not just
that it exposes people who are members of the Communist Party, and who
are now living and working all over the world, from Australia to the
US to the UK, but it's amazing because it lifts the lid on how the
party operates under President and Chairman Xi Jinping.

"It is also going to embarrass some global companies who appear to
have no plan in place to protect their intellectual property from
theft, from economic espionage."

In September, the Cybersecurity and Infrastructure Security Agency
(CISA) and the US Department of Justice issued a joint advisory
warning US government agencies and private sector companies to be on
high alert for cyber-attacks by threat actors affiliated with the
Chinese Ministry of State Security (MSS).


More information about the BreachExchange mailing list