Advertisement
Alibaba
TechPolicy

Alibaba Cloud data leak ‘violated Cybersecurity Law’ in 2019 and must rectify, local Chinese telecoms regulator says

  • The Zhejiang Communications Administration said last month that Alibaba disclosed user information without consent following a complaint about the 2019 incident
  • Alibaba Cloud said it has already taken corrective measures but did not provide details

Reading Time:2 minutes
Why you can trust SCMP
1
Alibaba Cloud, China’s largest cloud service provider, has been accused by the Zhejiang telecoms regulator of violating China’s Cybersecurity Law following a complaint related to a 2019 data leak. Photo: Bien Perez
Coco Feng
The telecoms authority of China’s eastern Zhejiang province has told the cloud computing unit of Alibaba Group Holding that it violated the country’s Cybersecurity Law and should make rectifications following a complaint about a 2019 information leak.
In a letter dated July 5, the Zhejiang Communications Administration (ZCA) said it found Alibaba Cloud “disclosed user registration information to a third-party partner without consent, which violated the Cybersecurity Law”. The letter was issued after the bureau received and processed a complaint against China’s largest cloud service provider.

The authority did not identify the source of the complaint or when it was filed.

Advertisement

The ZCA has not published the letter publicly, but its contents were reported by local Chinese media this week, including the newspaper 21st Century Business Herald. The bureau has confirmed the authenticity of the letter.

Alibaba Cloud said in a statement that the incident took place during the November 11 Singles’ Day shopping festival in 2019, when “a telemarketing employee violated company discipline, privately obtained client contact information and leaked it to a distributor’s staff member”. Alibaba, the owner of the South China Morning Post, said it discovered the issue during an internal probe.
Advertisement

“The company strictly prohibits employees from disclosing user registration information to third parties. The company has seriously handled the case in accordance with company rules, taken active rectification measures as requested by the ZCA and corrected the shortcomings of personnel management,” Alibaba said, without offering further details.

Advertisement
Select Voice
Choose your listening speed
Get through articles 2x faster
1.25x
250 WPM
Slow
Average
Fast
1.25x