A significant cybersecurity incident has allegedly exposed the personal data of 88 million Chinese citizens. A threat actor on a dark web forum has claimed to be selling a massive database obtained from the China HRSS Information Technology Network (hrssit.cn). The network appears to be a crucial part of the country’s Human Resources and Social Security informatization system, which handles sensitive information for residents across various provinces and municipalities. The seller is offering the entire dataset for sale, payable in cryptocurrency.
The China HRSS Information Technology Network serves as a digital backbone for human resources and social security services, making the alleged breach extremely severe. If the claims are authentic, the exposure of such detailed personal information on a massive scale could lead to unprecedented levels of identity theft, financial fraud, and highly targeted phishing scams against millions of people. The data connects individuals’ names and national ID numbers with their employment history and contact information, creating a comprehensive profile for malicious actors to exploit.
The threat actor provided a sample of the data, which allegedly includes a wide range of personally identifiable information (PII). The compromised data fields are said to be:
- Name
- National ID
- Mobile Number
- Company
- Birthday
- Sex
- Mobile Province
- Mobile City
- Mobile Carrier
- ID Province
- ID City
