One cybersecurity expert says the latest data leak is unique in its increased sophistication, including the use of facial recognition and the collection of passport IDs.
The information was compiled by the Shanghai Public Security Bureau, a local level branch of Beijing’s main surveillance body, the Ministry of Public Security.
The data leak contains over 1.1 million surveillance records and includes information on 25,000 “persons of interest” in China, and 5,000 foreigners, including government officials and employees of Mitsubishi and U.S. manufacturing giant 3M.
Hackers found the unprotected database, named “Uyghur Terrorist,” on an open-source platform and provided it to Australian security officials, media organisations, and Canberra-based cyber security firm Internet 2.0, according to the Australian Broadcasting Corporation.
Over 161 Australian citizens were flagged by the PSB when they passed the immigration checkpoint at Shanghai’s Pudong International Airport in 2018.
A watchlist containing information on employees from 976 companies—Chinese and foreign-owned—was also discovered.
Individuals on this list were flagged because they had access to dangerous chemicals, drugs, and material fit for explosives manufacturing. Up to a quarter of these companies were foreign owned including 3M, Mitsubishi, and German pharmaceutical titan Bayer.
Up to 48 employees were tracked with facial recognition cameras as they moved through Shanghai’s Jinshan Port.
Australians from Ernst and Young, National Australia Bank, Telstra, the Australian Agricultural Company, the Department of Foreign Affairs, and a media group were also caught in the data sweep.
Janis Manning, the co-owner of publication Mediaweek, told the ABC she was only in Shanghai for a one-day stopover.
“I’m more intrigued and mystified than anything else,” Manning said.
“I just think I’ve popped up on some database, possibly because I’ve throughout my career been connected with the media in some senior positions,” she added.
“What the database also shows is how closely the CCP’s Close-Circuit Television Network (CCTV) and biometrics systems operate to collectively bring all aspects of surveillance together,” he told The Epoch Times in an email.
“It demonstrates that the Chinese government has a fully integrated system that could also extend to drones,” he added, noting that he was shown 5G surveillance drones during a previous visit to China.
The CCP’s Skynet project is an ongoing, centralised mass-surveillance project linked to over 200 million CCTV cameras across the country and includes biometric data collection technologies like facial recognition.
The latest PBS leak also contained the identities of 25,000 persons of interest, including ethnic Uyghurs, political dissidents, children, alleged criminals, and those with mental illness.
The details of thousands of police informants were also contained in the dataset’s phone records, including names, home addresses, and phone numbers.
One Uyghur, marked as a “suspected terrorist,” and now living in Turkey, believes he was caught up in the data sweep when he visited Shanghai Disneyland for one day in 2017. He was in Hangzhou at the time.
Around 8,000 Uyghurs have been flagged for “suspected terrorism” and other alleged crimes.
Last year, cybersecurity firm Internet 2.0 was also involved in deciphering and analysing two other major data leaks from China, the Zhenhua Data leak and Shanghai Chinese Communist Party (CCP) members list.
“Huge numbers of their own citizens, including 4-year-old children and families visiting Shanghai Disneyland, are happily labelled as terrorists by CCP agencies,” he told The Epoch Times.
“You can be puzzled and bemused by the types of people and the information on them that Chinese security agencies collect,” he added, saying the mass of information means the CCP has leverage to target individuals to either advocate for Beijing or be discredited.
However, Shoebridge noted that major leaks of Chinese data had been occurring on a regular basis.
“Despite enormous investments in cybersecurity, online monitoring, surveillance, and a deeply controlling central authority,” he said. “This is a large vulnerability in the Party’s operating model that seems to be growing, not contracting.”