A Chinese firm with suspected ties to the Chinese government has been amassing a database of detailed personal information on 2.4 million people, including more than 50,000 Americans, according to findings by an independent researcher and an Australia-based cybersecurity firm.
Christopher Balding, an American professor who taught at Peking University's HSBC School of Business in Shenzhen for nine years, analyzed the data with Internet 2.0, a cybersecurity firm based in Canberra. They published their findings this week.
Balding said the database was leaked to him in 2019.
The cache, called the Overseas Key Information Database (OKIDB), contains the personal information of roughly 2.4 million people. Many of them are influential policymakers who can exert influence in their fields of specialty.
According to their report, the database was compiled by China's Zhenhua Data Information Technology Co. The company was founded in 2017 and had offices in Shenzhen and Beijing. Its mission, according to a screen shot of their website, which was deleted not long ago, is to "aggregate global data and help the great rejuvenation of the Chinese nation."
Zhenhua Data's marketing and recruiting documents characterize the company as a patriotic firm, with the military as its primary target customer.
Cybersecurity firm Internet 2.0 was able to recover the records of about 250,000 people from the leaked data, including 52,000 Americans, 35,000 Australians and nearly 10,000 British citizens. These include politicians and businessmen, scientists, tech experts, academics, bankers, journalists and lawyers. Information about family members, such as the 11-year-old daughter of Canadian Prime Minister Justin Trudeau, was also recovered.
Analysts say the data was extracted from social media platforms such as Twitter, Facebook and LinkedIn, as well as news reports and criminal records.
Balding told VOA that apart from open source, there was also data extracted from illegal sources.
"We estimate about 80 percent of the data is what we call open source. There's also data that appears to be hacked or stolen data that comes from other sources, nonpublic sources," Balding said.
In a statement, he described the breadth of the data as "staggering," saying the individual who provided the Shenzhen Zhenhua database by putting themselves at risk has done "an enormous service" and is proof that many inside China are concerned about surveillance by China's Communist Party.
"It allows China to know which institutions or individuals they should be targeting. This is why, for instance, intelligence agencies in multiple countries have warned about Chinese recruitment through platforms such as LinkedIn," Balding told VOA.
He added that the database also appears to be targeting policymakers, including influential figures in think tanks and relatives of key politicians. By doing this, China hopes to exert influence on these individuals and possibly shift policies to its liking, Balding said.
According to The Washington Post, which obtained part of OKIDB, the database also targets military officials.
For example, there is detailed information on former Chief of Naval Operations John Richardson; his service history and complete training were highlighted in Chinese.
Former U.S. Acting Secretary of the Navy Thomas Modly is also in the database, along with the names of his wife and four children, his educational background and his work history in the private sector.
A representative from Zhenhua Data told The Guardian that "the report is seriously untrue," adding "there is no database of 2 million people," while denying any links to the Chinese government or military.
Analysts say it is not surprising that a consultancy would collect detailed data on prominent figures in different sectors. What matters is how the data is used.
Arun Vishwanath, chief technology officer at Avant Research Group, a cybersecurity research firm, told VOA there are two concerns with a data operation of such scale and scope.
"One is propaganda, information and disinformation, and the other is being used for targeted attacks, which could have all manner of consequences," Vishwanath said.
"We all need to have better cyber hygiene. We all need to be safer with how we share information online to store information about ourselves online. So this is a responsibility that each of us as individuals share," he said.