China's biggest e-payment service provider, Alipay, has apologized for a security breach in which personal data of its customers were downloaded and sold.
A subsidiary of Chinese e-commerce giant, Alibaba Group, Alipay said in a statement Sunday that it had notified local regulators and would update the public on the results of the investigation. "The leaked data revealed only transaction information before 2010, [and] excluded sensitive information such as usernames or passwords, which were ciphered through a sophisticated method that is not available to anyone," it said.
The company accounts for 61 percent of China's third-party payment market, noted a China Daily report, citing stats from IT consultancy iResearch. Some 200 banks and 400,000 e-commerce merchants currently support Alipay as an online payment channel.
According to local reports, a former employee had accessed the company's backend system and downloaded 20GB worth of customer data, including mobile numbers, home and e-mail address, and transaction records. He then colluded with two IT professionals to sell the data to other companies--mostly e-commerce vendors looking to push advertisement to online shoppers. The former employee and his two accomplices were now in police custody in Hangzhou.
Alipay said it uncovered the surreptitious activity during an internal audit and reported it to local authorities. In its statement, it pledged to beef up its security measures to safeguard user privacy.
Quoting user and insurance company clerk, Wang Hongji, China Daily reported: "I'm worried at the thought of a possible leak of my correspondence address, not to mention they might leak my transaction passwords." Wang said he usually had over 10,000 yuan (US$1,638) in his Alipay account.
The report further cited Li Zhi, principal analyst at Beijing-based consultancy Analysis International, who noted online shoppers in China often were required to provide personal data, making them susceptible to security and privacy threats. "The situation can even be exacerbated when a transaction involves multiple services, where the payment is conducted between a customer and a primary service provider that outsource services to others," Li said.
Alipay in February 2013 partnered Microsoft to develop a security tool for personal computers, mobile phones, and other end-user devices, as both companies looked to increase awareness of e-commerce security risks.
Online transactions are growing exponentially in China, which is predicted to bypass the U.S. to become the world's biggest e-commerce market in 2013. According to Consultancy firm Bain & Co., the Asian economic giant would generate 3.3 trillion yuan (US$540.56 billion) in e-commerce revenue by 2015.
The Chinese government also was reportedly drafting policies as part of efforts to drive cross-border e-commerce activities.