A group of suppliers and companies that Apple outsources work to in China have reportedly been found running an underground operation selling Apple computer and iPhone users’ personal information online.
Chinese authorities revealed in a statement on Wednesday that they have arrested 22 suspects involved in criminal activity, 20 of which were employees of an Apple’s “domestic direct sales company and outsourcing company”.
They were charged with infringing on individuals’ privacy and illegally obtaining digital personal information.
Using their links to Apple, the suspects were able to access the company’s internal computer system and gather users’ names, phone numbers, Apple IDs, and other data which they sold to interested parties.
The entire operation was worth more than 50 million yuan ($7.36 million), according to the Wall Street Journal.
Buyers allegedly pay between 10 yuan ($1.50) and 180 yuan ($26.50) for a user’s supposedly private data.
It was not specified, however, if the compromised data was sourced from Chinese or foreign Apple users.
Police officers from the provinces of Guangdong, Jiangsu, Zhejiang, and Fujian coordinated in taking down the operation after months of surveillance and investigation.
According to Southern Metropolis Daily, buying and selling digital personal information has become rampant on Chinese black markets.
Some of the private data discovered by the paper’s investigative report were sourced from police and government databases, AFP reports via Hong Kong Free Press.
During its investigation in December, undercover reporters were able to obtain personal details of one colleague.
For just 700 yuan ($100), they were able to get the co-worker’s flight history, hotel checkouts and property holdings.
Observers point out that the perception that Apple product owners are generally more affluent than regular gadget owners have made them targets of hackers and other data theft specialists.
Incidentally, China has implemented a controversial cybersecurity law earlier this month that seeks to protect the country’s networks and private user information.