Massive Data Breach in China’s Travel Sector Exposes 7.5 Million Records
🚨 Major data breach alert! China’s travel platform leaks 7.5M records, including personal IDs and contact details. 🔐 #DataBreach #CyberSecurity
The data breach occurred on a major travel and tourism platform in China, which is widely used by millions of residents for booking trips, accommodation, and other travel-related services. The platform has been known for its comprehensive travel solutions, integrating various services into one seamless experience.
Breach Details
- Date of Breach: March 2024
- Data Compromised: 7.5 million pieces of data
- Resident IDs: 5.82 million
- Leaked Data Fields:
- Personal Information: Name, Gender, Birthdate, Address, Zip code, Mobile number, Telephone number, Email address
- Identification Details: Resident IDs, Province and City of ID issuance
- Travel Details: Province and City of travel, Carrier information
- Additional Information: Fax number
Threat Actor Profile
The data breach was advertised by a user named "BlackKing" on an underground forum. BlackKing holds the "GOD User" status, indicating a high level of activity and reputation within the forum community. The user's profile shows:
- Posts: 22
- Threads: 10
- Joined: June 2024
- Reputation: 30
BlackKing provided samples of the leaked data and invited interested parties to contact them for more information.
Impact Analysis
- Individual Impact: The breach exposes sensitive personal information, potentially leading to identity theft, financial fraud, and privacy violations. The compromised resident IDs and contact details can be misused for various malicious activities.
- Organizational Impact: The affected travel platform may face legal repercussions, loss of customer trust, and significant financial losses due to the breach. The incident could lead to a decrease in user engagement and a tarnished brand reputation.
- National Impact: On a broader scale, such a breach undermines the confidence in national cybersecurity measures and could lead to stricter regulations and policies for data protection.