China Provident Fund Database

In 2024, the Employee Provident Fund (EPF) database, a crucial repository of financial data for China's workers, was breached, resulting in the leak of personal information belonging to 63,999,878 individuals. The leak included sensitive details such as names, addresses, National ID numbers, and employment histories.

The leaked data originated from the public-facing website of the EPF, which allowed users to access information about their EPF accounts through an online portal. However, it was later discovered that the website contained a vulnerability that enabled unauthorized access to the underlying database. As a result, cybercriminals were able to extract and leak the vast amount of personal data.