China’s Ministry of State Security (MSS) announced the successful resolution of a case involving a Chinese company that assisted a foreign client in collecting sensitive data related to China’s railway systems.
It marks the first significant case since the implementation of China’s Data Security Law in September 2021, where the collected data was officially deemed as intelligence. The case highlights the heightened vigilance and regulatory enforcement in China concerning data security, particularly in sectors critical to national infrastructure.
According to the MSS, the Chinese IT company in question had accepted a contract in late 2020 from a foreign firm claiming to be conducting market research to support its entry into China’s railway sector. Due to COVID-19 travel restrictions, the foreign company was unable to send personnel to China, leading it to subcontract the data collection work to local Chinese vendors. The MSS revealed that the foreign company had connections with various entities, including foreign intelligence agencies, military units, and government departments, raising suspicions about the true intent behind the data collection.
Despite being aware of potential risks, the Chinese company proceeded with the contract, attracted by the substantial financial incentives. It installed specialized equipment to gather electronic signal data along China’s extensive railway network, including Internet of Things (IoT) transmissions, cellular and railway communications, and confidential networks. Over the course of a month, the project accumalated 500 gigabytes of data, which the MSS later classified as ‘intelligence information’ due to its critical importance to the safe operation of the railways. The Data Security Law explicitly prohibits the collection of such data.
The individuals involved were arrested on charges of espionage and illegal provision of intelligence to foreign entities. They have been sentenced to several years in prison, although the MSS did not disclose further details about their sentences. The ministry emphasized its commitment to fortifying data security, guarding against major data risks, and aggressively combating foreign cyberattacks and data theft.
The MSS also urged the public and businesses to be vigilant in protecting national data and sensitive personal information, cautioning against the dangers of foreign intelligence agencies seeking to acquire China’s core sensitive data. Companies have been advised to enhance their data protection measures, particularly when handling personal information, and to comply with the stringent data transfer regulations imposed by the Chinese government. These regulations include mandatory government reviews for most cross-border data transfers, reflecting China’s broader efforts to secure its digital landscape.
This case is part of a broader trend in China’s increasingly rigorous approach to data governance. Since the introduction of the Data Security Law, along with revamped anti-espionage and state secrets laws, foreign businesses have expressed concerns over the lack of clarity in these regulations and the potential impact on international operations. The Chinese government’s strict stance highlights the growing importance it places on safeguarding national security in the digital age.
Data theft poses a significant threat to national security, particularly in a world where sensitive information is a vital asset. When critical data, such as infrastructure details, defense strategies, or technological innovations, is stolen, it can severely compromise a country’s ability to protect itself. In China’s case, instances of data theft have highlighted vulnerabilities that can be exploited by foreign intelligence agencies. In 2020, Chinese authorities uncovered a case where hackers affiliated with a foreign nation were found to be stealing classified military data, including blueprints and communications strategies.
This breach underscored the risk that compromised data could be used to disrupt operations, manipulate public information, or gain a strategic military advantage. The theft of proprietary technology can undermine China’s economic security by eroding its competitive edge in critical sectors. These incidents reveal how data theft not only weakens a nation’s security but also destabilizes its technological and economic foundations, making it more vulnerable to external threats.
China’s railway system is a symbol of its technological advancement, and has long been a target for both industrial and intelligence espionage. The development of the high-speed rail network, which is among the most extensive in the world, has attracted significant global interest. Data is a critical asset for a country’s technological progress and national security.
ALSO READ: China introduces the world’s first carbon fibre passenger train
