Alibaba Cloud data leak ‘violated Cybersecurity Law’ in 2019 and must rectify, local Chinese telecoms regulator says
- The Zhejiang Communications Administration said last month that Alibaba disclosed user information without consent following a complaint about the 2019 incident
- Alibaba Cloud said it has already taken corrective measures but did not provide details
The authority did not identify the source of the complaint or when it was filed.
The ZCA has not published the letter publicly, but its contents were reported by local Chinese media this week, including the newspaper 21st Century Business Herald. The bureau has confirmed the authenticity of the letter.
“The company strictly prohibits employees from disclosing user registration information to third parties. The company has seriously handled the case in accordance with company rules, taken active rectification measures as requested by the ZCA and corrected the shortcomings of personnel management,” Alibaba said, without offering further details.
Why China is tightening control over cybersecurity
For serious violations, the regulator can levy heavier punishments, including suspending or revoking a business license.
Alibaba Cloud, which controls 40 per cent of China’s public cloud market, has been accused of infringing on client rights before.
Ipip.net, a geographic location database company, complained that the cloud provider copied some of its product data. The two later settled and issued a joint statement in late July that said some Alibaba Cloud staff had violated corporate norms for product development. Alibaba said it would punish the employees involved and prevent similar incidents in the future.
Additional reporting by Jane Zhang