More than a dozen individuals have been arrested by Chinese authorities on suspicion of selling Apple customers' personal account information stolen from internal computer systems as part of a significant underground criminal operation, it emerged this week (7 June).
Both AFP and Chinese state media have reported that police in eastern China last month arrested 22 suspects as part of an investigation into the illicit trading, a scam believed to be worth more than 50 million yuan ($7.36 million) in total. 20 of those suspects were linked to Apple, it emerged.
Initially uncovering the scheme in January 2017, state media said the suspects were working with Apple as part of outsourced "direct sales" and marketing.
The 20 Apple-linked individuals, arrested across four regions, were selling off the stolen data for money.
The compromised personal information reportedly included customer names, mobile numbers, Apple IDs and more. It has not yet been revealed if the stolen data was from users solely based in China, or if international customers were also impacted.
Apple declined to comment on the incident.
According to an official statement released by local police in the Zhejiang province in southern China, first reported by AFP, suspects were detained on "suspicion of infringing individuals' privacy and illegally obtaining their digital personal information."
Reports suggest that the trading of stolen personal information is relatively common in the region, however a fresh new cybersecurity law – enacted on 1 June – has been designed to change that.
Like the EU's upcoming GDPR, it promises to levy huge fines on firms which fail to protect data.
Yet according to the Financial Times, technology giants and large businesses operating in China believe the cybersecurity law could give domestic firms an unfair competitive advantage and could even be exploited to help officials steal trade secrets from foreign companies.
"The law is both extremely vague and exceptionally wide in scope, potentially putting companies at risk of regulatory enforcement that is not related to cybersecurity," Carly Ramsey, associate director at Control Risks, a risk management firm, told FT at the time.
It's not the first case of Apple employees being caught in a privacy scandal. Last year, four staffers in Australia were fired after being accused of sharing nude images from customers' phones and rating them out of 10. Apple later claimed it found "'no evidence" photos were inappropriately transferred.
Note: This article was updated on 9 June 2017 to clarify the 20 individuals arrested in China were not direct employees of Apple, but instead from an outsourcing company.