Yang Jie and Josh Chin, Dow Jones Newswires:
Police in eastern China said they had detained 22 people, including 20 from Apple “direct sales outlets” in China and companies Apple outsources services to. Police said those detained had used Apple’s internal system to illegally obtain information associated with iPhone products like phone numbers, names and Apple IDs, and then sold the information.
Under earlier laws, companies have largely escaped punishment when employees used their access to internal computer systems to steal users’ personal data, according to Liu Chunquan, an intellectual property lawyer with Shanghai-based Duan & Duan Law Firm.
That has changed under the cybersecurity law, Mr. Liu said, with companies now potentially facing fines and other punishment by regulators unless they can prove their systems weren’t to blame for leaks.
The kind of information that was captured and resold here is the information a customer would regularly provide if they needed to have their iPhone serviced. No word on whether that includes device passcodes as well, which are now used as an authentication measure. Such information, though, should only be made available to an employee for the shortest possible amount of time, and I would hope that only those on a “need to know” basis can access it.