A new report out of China details the arrest of some 20 employees working as Apple distributors who illegally sold customer data as part of a $7 million operation. The arrested employees reportedly worked in “direct marketing and outsourcing” roles for the company in the Zhejiang province.
While details are still light at this point aside from a police statement on the arrests, the report appears to describe an operation in which distributors with access to customer contact information were able to sell this information to the black market for profit.
Exactly what information was accessed or how long the operation went on is unclear, although the report does not appear to suggest any security breach occurred but rather employees taking advantage of information generally available as part of the job.
Apple employees having access to customer contact information like customer names, email addresses, and phone numbers is not uncommon for a variety of roles including support positions, and nothing suggests more personal data beyond contact information was collected and distributed.
The report also says that police say they have broken up the illegal operation following the arrests:
The most challenging problem here seems to be balancing what necessary access employees have to customer data like contact information and how it can be used. In this specific case, the scale at which the operation reached is perhaps most surprising.
We’ll update if any new details are learned in this incident.
