by supplychainreport
China’s Ministry of State Security has issued a public warning over potential national security risks linked to outsourcing data storage to third-party hosting providers, following a reported cyberattack by overseas hackers on the database of a domestic e-commerce platform.
In a notice published on its official WeChat account, the ministry cautioned that while data hosting services can help enterprises reduce costs and improve operational efficiency, they may also create hidden vulnerabilities if oversight and security standards are inadequate. The statement described hosting firms as “digital super banks,” noting that although they centralize and streamline data management, they can also become high-value targets for cybercriminals and foreign intelligence groups.
Authorities highlighted cases where insufficient vetting of service providers led to significant data breaches. In one example, customer information from financial institutions was found being sold online. The source was traced to a small technology company that lacked proper financial data processing credentials but had falsely marketed its hosting capabilities. Employees allegedly exploited internal management loopholes to download and sell sensitive data on the dark web, resulting in large-scale privacy breaches and risks to national financial security.
In another case, weak supervision mechanisms allowed an employee of a hosting provider to misuse access to experimental data from a classified unit that had outsourced its storage and maintenance operations. The ministry noted that inadequate controls over server room access and data retrieval procedures created opportunities for abuse.
The notice also warned that foreign espionage and cybercrime groups are increasingly targeting the data hosting sector. In one incident, an overseas hacking organization reportedly infiltrated a Chinese e-commerce platform’s database by leveraging big data analysis tools, planting malware to conduct phishing attacks and escalate access privileges. Large volumes of user data were allegedly stolen, including sensitive procurement information related to key national infrastructure projects and advanced scientific research materials.
The ministry emphasized that data security is an integral component of national security, citing the Data Security Law of the People’s Republic of China. The law requires organizations engaged in data processing to fulfill protection obligations and avoid actions that could endanger national security, public interests, or the lawful rights of individuals and organizations.
Companies that outsource data services were urged to strengthen internal supervision, rigorously review contractors’ qualifications, clearly define confidentiality responsibilities in contracts, and conduct regular risk assessments. Both clients and service providers were also advised to enhance staff management and implement routine confidentiality training to safeguard sensitive information.
The warning reflects broader concerns about the security of digital infrastructure underpinning e-commerce, finance, and critical supply chain operations, as reliance on third-party data management services continues to expand.
