Leaks prompt postal overhaul

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.chinadaily.com.cn/cndy/2012-12/24/content_16045318.htm

Delivery firms urged to safeguard information amid security breaches

China's postal authorities have ordered an overhaul of the express
delivery sector amidgrowing concerns over personal information being
leaked and traded by workers.

The State Post Bureau said in a recent statement that delivery
companies should ensure userinformation is well protected throughout
their procedures, and that authorities will beconducting spot-checks
on firms, focusing specifically on personal information security.

The moves come after various media reports highlighting the reselling
by express workers ofdelivery receipt details, which have increased
public concern over the disclosure of personalinformation.

Liu Jun, deputy chief of the State Post Bureau, said at a conference
last week that the nationalauthority plans to build a long-term system
of protecting user information in the expressdelivery sector.

Anyone found guilty of misusing personal information could face legal action.

Liu said companies failing to meet the protection requirements would
be suspended fromproviding service until they have rectified any
problems identified.

China's express delivery industry has been boosted by the booming
online shopping market,estimated at 806.2 billion yuan ($129.2
billion) in the first three quarters of this year, accordingto the
Ministry of Commerce.

Other figures from the State Administration of Industry and Commerce
now suggest there are210 million online shoppers in the country.

The reselling of package receipts has become big business, said Hong
Zhilong, a manager ofthe Anzhenmen branch of ZTO express in Chaoyang
district in Beijing.

"I now know there are companies that gather this kind of information
and resell it - I get callsfrom them all the time," he said.

Hong said delivery workers are required to keep the receipts signed
for by customers for ayear before handing them to the headquarters of
the company.

However, Hong said not all workers obey the rules, and "there were
many cases of userinformation being leaked".

Zhang Guoquan, a manager at the Tianshuiyuan community branch of
Shanghai YundaExpress in Beijing, said he also receives phone calls
inquiring about sales of receipts andtracking numbers.

"I never even talk with them. I have been in this industry for more
than 10 years, and I knewhow important reputation is. To me it is a
matter of principle," he said.

Meanwhile, another area of the industry causing concern to the
authorities is the poor disposalof parcel boxes and receipts, by
companies and customers.

In February, a court in Xiamen, Fujian province, sentenced a
24-year-old man to death afterhe was convicted of killing a woman, who
attracted his attention as being wealthy because shehad made so many
purchases online, which arrived at her home by express delivery.

He noticed the number of parcels she had disposed of at her
residential community, and theman had been using the boxes for clues
about her wealth.

He then pretended to be an express delivery worker, and when she
opened the door hegained entry and killed and then robbed her,
according to a report by the People's Court Daily.

In a statement issued by the national postal authority on Dec 10,
express delivery users arereminded to remove any receipts from the
outside of any parcels and make sure they do notdisclose anything
about their personal information before throwing them away.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.