CCTV News: Corporate data is becoming an indispensable development resource for modern enterprises. The procuratorial case found that in recent years, cases of criminals infringing on corporate data security have occurred frequently, damaging the legitimate rights and interests of companies and affecting the innovative development of companies. In 2024, procuratorates across the country prosecuted nearly 1,000 people of various crimes that infringe on corporate data security. They need to punish crimes in accordance with the law, promote source prevention, and help enterprises maintain the data security line.

First, some hackers illegally obtain corporate data through technical means. Some criminals invade the company's backend by installing remote control programs, illegal plug-ins, etc., illegally obtain enterprise data, and damage the legitimate rights and interests of enterprises. For example, in the case of Shanghai Z Network Technology Company illegally obtaining computer information system data handled by the procuratorate, in order to attract customers, Z Company illegally obtains data on takeaway platform stores, order information and other data operated by Company E through crawling programs, causing E Company to directly lose more than 40,000 yuan. For example, in the case where the procuratorate handled the case that Liu Moumou and Luo Moumou illegally obtained computer information system data and provided programs to invade computer information system, Luo Moumou and three others designed plug-ins that could invade the background of a technology company's live broadcast application, and sold it to Liu Moumou and six others. Liu Moumou and others used the program to illegally obtain the background data of the company's live broadcast application, and grabbed red envelopes by automatically entering the live broadcast room to find red envelopes, sharing live broadcast room, and assisting, making an illegal profit of more than 370,000 yuan.

Secondly, some "insiders" in some companies use their positions to steal and leak data and make illegal profits. Some corporate staff use their positions to steal, leak corporate data and obtain improper benefits, becoming "insiders" who infringe on corporate data security. For example, in the case of Feng's embezzlement handled by the procuratorate, Feng used his position to be responsible for the e-commerce service provider business of a technology company to collude with external e-commerce service providers to illegally provide data such as e-commerce IDs and other data that the company has possessed. The external e-commerce service provider fabricated the fact that it had provided services to the above-mentioned e-commerce companies and embezzled the company's reward of more than 100 million yuan. For example, in the case of Sima Moumou's infringement of business secrets handled by the procuratorate, Sima Moumou, a network administrator of a certain company, used his work authority to download some of the company's core product technical drawings and other electronic data to the mobile hard drive, and then handed it over to other companies to use this data to produce similar products and occupy the market at a low price, resulting in a loss of sales profit of more than 5 million yuan in the company. In some companies, data supervision measures are not in place. In order to achieve profits or vent their anger, some employees illegally obtain and store data during their employment, borrow data for profit after leaving, or use the original data management authority to enter the office system to destroy the enterprise database after being fired, and go from the "guardian" of data to the "destroyer". For example, in the case of Yang Moumou's infringement of business secrets handled by the procuratorate, Yang Moumou, an engineer from a network technology company, illegally stored the source code of some modules of an App that he participated in the research and development on his personal computer and the cloud. After he switched to work in other companies, he used the above code to develop similar apps, helping other companies earn more than 33.5 million yuan, causing the original company to lose more than 4.4 million yuan. For example, in the case of Lu Moumou's illegal control of computer information system handled by the procuratorate, Lu Moumou had conflicts with the company's responsible personnel before leaving the company, and held a grudge. He then used his original company's shared server administrator account and password to delete the data and operation logs in the server disk, causing a large amount of work data to be lost in the company and affecting the normal development of the work.

Third is that some data service providers or false incoming personnel tamper with, steal, or illegally use corporate data without authorization. Some companies choose third-party institutions or enterprises to specialize in data maintenance, software development and other work. Some data service providers and their staff use this to tamper with data without authorization, causing economic losses to the companies. For example, Bai Moumou, an employee of a software company, was responsible for providing production management system upgrade services to an industrial company. In order to get the industrial company to pay the service fee as soon as possible, Bai Moumou deliberately added the error code when writing the program, causing the industrial company's system to be unable to log in, causing economic losses of more than 40,000 yuan. Some criminals have falsely applied for the job and waited for an opportunity to implant the Trojan virus into the company's office computer, and then the "back-end" technicians remotely invaded and stole the company's internal data. The method of committing the crime is more concealed and the victimized company is not easy to detect. For example, in the case of 17 people including Wang Moumou and Bai Moumou infringing on citizens' personal information handled by the procuratorate, the criminal gang successively applied for jobs from many Internet companies and temporarily joined the company, implanted a Trojan program with remote stealing computer information on the company's office computer, and then the accomplices remotely invaded the computer and stole more than 14 million pieces of personal information from the company's customers. In March of that year, the victim company found that the server was invaded and the customer information was stolen. It was not until May that it was discovered that the company's computer was implanted with a Trojan program; the other victim company only found that 13 computers of the company were invaded and the customer information was stolen after being informed by the public security organs.

In response to the above situation, the procuratorate has increased its crackdown on data crimes involving enterprises in accordance with the law, severely punished criminals such as "insiders" in enterprises, and used typical cases to guide enterprises to strengthen data security, internal risk control and other work, effectively safeguard the legitimate rights and interests of enterprises and help enterprises in innovative development. In the next step, the procuratorate will thoroughly implement the spirit of the Central Economic Work Conference, continuously optimize the performance of procuratorial duties, give full play to the role of procuratorial functions, and equally protect all types of business entities in accordance with the law, creating a good environment for the development of enterprises. At the same time, the procuratorate reminds us to establish and improve the enterprise data management system as soon as possible, strictly manage data access rights, strengthen the management of practitioners and resigned personnel, clarify the emergency response process for data leakage, strengthen security audits and risk assessments, plug loopholes in a timely manner, and form a comprehensive and multi-level enterprise data security protection system.