A massive leak that has exposed the personal details of 2.5 million people held on a Chinese facial recognition database is “just the start” of serious leaks of this kind, according to one cybersecurity expert.

The leak was the result of SenseNets, a provider of Chinese facial recognition systems, leaving an online database unprotected.

The exposed data included tracking location data for the previous 24 hours, ID card numbers, sex, nationality, date of birth, address and employer details. It also included a photo of each of the 2.5 million people affected.

The company has since taken steps to secure the database, which was found by cybersecurity researcher Victor Gevers, but the information is now likely to be in the public sphere.

China already makes extensive use of facial recognition in public places, with law enforcement among those utilising the technology. The country’s use is also set to grow significantly over the next few years.

“Orwell’s 1984”: How the Chinese facial recognition database leak is just the start

Despite representing a gross invasion of privacy for the 2.5 million people affected, the news has not attracted outrage in China, where attitudes to privacy differ from those in the West.

However, cybersecurity experts see the breach as typical of the kinds of issues unsuspecting users are now facing, with Felix Rosbach, product manager at comforte AG, describing the incident as a worse version of the dystopian world captured in George Orwell’s book 1984.

“Welcome to Orwell’s 1984, but with an even worse twist. When bad guys get access to your identity information, things can go terribly wrong,” he said.

He warned that such breaches were likely to become more common due to the way that many companies handle such data.

“This is just the start. Sometimes personally identifiable information sits in silos and hackers only get access to a small amount of data which does not hold that much value,” he said.

“But with the use of unique identifiers, like national identity card numbers, it is possible to combine datasets of multiple breaches. This enables hackers to use complex identity profiles of customers.”

For companies, the onus is on protecting data as it is stored – not just in terms of how it is accessed.

“The most important thing organisations can do to protect identity information is to pseudonymise it,” said Rosbach.

“This ensures that personal data is protected whenever a breach happens and is even more important for IDs like PANs, social security numbers or national identity card numbers.”
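As an added illustration, not taken from the article or from any company named in it, the sketch below shows why pseudonymising a unique identifier stops two leaked datasets from being combined. It assumes keyed HMAC-SHA256 tokens with a separate key per data silo; the field names, sample records and key handling are constructed for the example.

```python
import hashlib
import hmac
import secrets

def pseudonymise(id_number: str, key: bytes) -> str:
    """Keyed token for an identifier; it cannot be recomputed without the key."""
    return hmac.new(key, id_number.encode(), hashlib.sha256).hexdigest()

def protect(records: list[dict], key: bytes) -> list[dict]:
    """Return copies of the records with 'id_number' replaced by its token."""
    return [{**r, "id_number": pseudonymise(r["id_number"], key)} for r in records]

def linkable(a: list[dict], b: list[dict]) -> set[str]:
    """Identifier values present in both datasets, i.e. rows that can be joined."""
    return {r["id_number"] for r in a} & {r["id_number"] for r in b}

# Constructed sample data: two silos that hold the same person under one ID number.
SILO_A = [{"id_number": "ID-0001", "employer": "Example Co"},
          {"id_number": "ID-0002", "employer": "Sample Ltd"}]
SILO_B = [{"id_number": "ID-0001", "address": "1 Test Street"},
          {"id_number": "ID-0003", "address": "2 Demo Road"}]

# Assumption: each silo has its own key, stored outside the database (KMS or HSM).
KEY_A = secrets.token_bytes(32)
KEY_B = secrets.token_bytes(32)

def demo() -> dict:
    """Count joinable rows for raw, pseudonymised and deliberately re-keyed data."""
    raw = linkable(SILO_A, SILO_B)
    protected = linkable(protect(SILO_A, KEY_A), protect(SILO_B, KEY_B))
    # The key holder can still join on purpose by tokenising both under one key.
    authorised = linkable(protect(SILO_A, KEY_A), protect(SILO_B, KEY_A))
    return {"raw": len(raw), "protected": len(protected), "authorised": len(authorised)}

if __name__ == "__main__":
    print(demo())
```

The key matters: an unkeyed hash of an identity number gives no such protection, because the space of valid numbers is small enough to enumerate and match against the hashes.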