SHANGHAI (AFP) – The Chinese government on Monday called for heightened data security measures and anti-hacking protections for sensitive domestic companies, vowing to “effectively prevent and control major risks” by 2026.
China has in recent years accused other governments and foreign groups of launching cyberattacks on its digital infrastructure, while being blamed itself for sponsoring attacks abroad, including in the United States (US).
Beijing’s Ministry of Industry and Information Technology on Monday called for the construction of a “data security protection system” in a document addressed to local governments and Chinese businesses.
Local governments must focus their attention on “businesses that have mastered key technologies… are related to the security and stability of the industrial chain, or have a bearing on national security”, the ministry said.
Officials must also “guide businesses to strengthen risk monitoring and emergency responses for important and core data”, with more than 45,000 companies expected to be enrolled in a national data protection and classification system by 2026.
Data leaks have been a persistent problem in China, with hackers claiming in 2022 to have accessed the personal information of a billion Chinese citizens, including summaries of incidents reported to the Shanghai police.
Another massive leak in the same year exposed millions of pieces of facial recognition and vehicle registration data belonging to Hangzhou-based tech company Xinai Electronics, TechCrunch reported.
The US arm of China’s largest bank, ICBC, said in November that it was hit by a ransomware attack that disrupted its financial services systems.
US media at the time reported that ICBC had been targeted by Russian-linked ransomware specialist LockBit, which has attacked governments, major companies, schools and hospitals, causing billions of dollars of damage and extracting tens of millions in ransoms from victims.
China has also been accused of backing cyberattacks against foreign governments, with the Netherlands saying this month that Beijing’s hackers had installed malware in a computer network being used by the Dutch military.
Monday’s directive comes after a data leak from Chinese cybersecurity firm I-Soon that appeared to show staff hacking into neighbouring countries’ government servers and taking over individuals’ social media accounts.