"Hundred Days Action" see results ｜ Guangzhou Zengcheng Police conducts in -depth investigation of "100 -day action" network security investigation work

The Guangzhou Zengcheng Police launched an inspection in the aspects of the "Hundred Days of Action" to carry out the "Hundred Days of Action" in summer public security and combat the rectification, focusing on whether to collect personal information in compliance with the enterprise apps in the jurisdiction. The main body of the network is legal and compliant and healthy. Since the "100 -day operation", Zengcheng Police has inspected a total of 33 units, 36 APPs, 9 administrative penalties, and 12 rectification units.

On July 28, when the Zengcheng Police Network Security Department inspected that when an app developed by a company in the jurisdiction collected personal information, it did not explicitly show the purpose, method, and scope of collecting personal information to users, and violated the necessary principles. A non -necessary authority user refuses to provide a functional service. Subsequently, in accordance with the relevant provisions of the "Cyber ​​Security Law of the People's Republic of China", the police gave administrative warnings and punishment for the company's use of APP illegal and illegal personal information, and asked them to rectify within a time limit.

On August 3rd, the Zengcheng Police Network Security Department found in the work that websites operated by a company in the area were implanted into illegal information such as gaming websites. After investigation, the company has not taken measures of network security technology protection, network security protection management systems, and related network logs for less than six months. Police shall give the company an administrative warning and punishment in accordance with the relevant provisions of the "Cyber ​​Security Law of the People's Republic of China" and order correction.

On August 9, a company under the jurisdiction was invaded and was extorted. The investigation of the Takocheng Police Network Security Department found that the hacker used the network loopholes of the enterprise, invaded and obtained the operating authority of the relevant system, and then encrypted the enterprise's server system, and then left ransom information, requiring enterprises to pay digital currencies to decrypt the system. Soon, the police mastered in the investigation that it was a provincial hacker who found the server system vulnerability. After the hacker discovered the system vulnerability, the vulnerability was sold to the cyber black -produced criminals. Police subsequently arrested the suspect's (male, 29 years old) in Jiangsu. At present, Jimou has been taken criminal measures by the police in accordance with the law. The case is under further investigation.

In the investigation, the police also found that the company's network server has a systematic firewall, remote connection unlimited access to access IP, and unrealized security password strategies such as the domain control, and the server is in a "snap" state. In addition, the company also has not formulated internal security management systems and operating procedures, and less than six months of retention of related network logs. Police launched the "Double Inspection of One Case" and gave the company an administrative warning and punishment in accordance with the relevant provisions of the Cyber ​​Security Law of the People's Republic of China. The incident of cyber security in an enterprise is undoubtedly a direct loser, but cyber security is not just related to the enterprise. In fact, the company's database includes a large number of user data and privacy. Once invaded or leaked, user data and privacy will often be exposed, which seriously affects public interests. Therefore, the performance of enterprises to perform cyber security is not "their own affairs", and it is also related to the legitimate rights and interests of users and social public interests.

Police reminded Internet companies to implement the responsibility of the main body of network security, fulfill the obligations of network security protection, and collect, use, and protect personal information on legal compliance. Do not try the law, touch the legal bottom line of network security and personal information protection.

Edit | Little Zero

- END -