An insider in China has revealed to the Epoch Times that he helped build a database that is now being used to handle Americans’ personal information stolen in cyberattacks.
The FBI revealed on June 4, 2015, that a cyberattack, allegedly from China, stole personal information on close to 21.5 million U.S. federal employees after breaking into the computer files of the Office of Personnel Management (OPM). Subsequent Chinese cyberattacks have also targeted personal data on Americans, including the February 2015 breach of Anthem that stole close to 80 million records.
According to the insider, the Chinese Communist Party (CCP) has built the database needed to make use of the massive trove of stolen data. He said that to create the spy database, the CCP brought in a small group of independent software developers from the United States, who worked alongside Chinese security branches to implement the system.
The FTC wants companies to listen. More precisely, the FTC wants companies to pay attention to and promptly to respond to reports of security vulnerabilities. That’s a key takeaway from the Commission’s recent settlement with ASUSTek (“ASUS”). In its complaint against the Taiwanese router manufacturer, the FTC alleged that ASUS misrepresented its security practices and failed to reasonably secure its router software. The Commission cited the company’s alleged failure to address vulnerability reports as one of the its primary concerns. The settlement reiterates the warnings contained in the FTC’s recent Start with Security Guide and prior settlements with HTC America and Fandango: the FTC expects companies to implement adequate processes for receiving security vulnerability reports and addressing them within a reasonable time.