BEIJING | Yihaodian, a Chinese online retailer backed by Wal-Mart Stores Inc., WMT -0.74%is probing a possible security breach, in what appeared to be the latest attempt to steal consumer data in China's growing e-commerce sector.
Yihaodian, Wal-Mart's online arm in China, is working with local public-security officials to investigate the breach, a spokeswoman for the Shanghai-based company said Monday. She declined to offer details, including about how many customers might have been affected. The company says it has 18 million registered users.
"We take the safety and security of customer data and customer accounts very seriously," said the spokeswoman, Zou Pine. She said the company added measures to boost security on Yihaodian.com, including the addition of account-verification codes. It also reminded users to create complex passwords for their accounts.
Yihaodian promises next-day delivery for more than 180,000 products, including groceries, electronics and clothing. Founded in 2008, it reported 2.72 billion yuan ($426.9 million) in sales for last year, up from 805 million yuan in 2010.
Wal-Mart in February said it plans to increase its stake in Yihaodian to 51% from 18%, pending government approval. A spokesman for the U.S.-based retailer referred questions on the possible security breach to Yihaodian.
Industry experts have said that Chinese consumer-data breaches online have increased as consumers have flocked to the Web, pumping the country's e-commerce industry with personal data, such as their shopping habits and phone and credit-card numbers, that can be sold or otherwise exploited. Around 70% of Chinese consumers have had their personal data leaked from online sources, according to a survey this year of 3,000 people in China by the state-run Xinhua news agency.
Chinese police last month detained four people suspected of trying to obtain consumer data from e-commerce site 360buy.com, which is operated by Beijing Jingdong Century Trading Co., according to Xinhua. A person close to 360buy.com said the site was hacked but that no user information was stolen.
Experts have said that hackers see value in trading personal data to commercial companies that are trying to reach some of China's 1.34 billion potential shoppers. "The market has reached a point where it is big enough to be very valuable and is packed full of information about people," said David Wolf, chief executive of Wolf Group Asia, a Beijing-based marketing strategy firm.
The value of business-to-consumer transactions online in China reached 240 billion yuan last year, more than double a year earlier, according to Beijing-based market-data firm Analysys International.
China's e-commerce sites are particularly vulnerable to attacks, since the industry has been changing rapidly, leaving little time for thorough security updates, said Steve Mushero, chief executive of Shanghai-based Internet-service company ChinaNetCloud. Security systems and hardware in China are around 10 years behind those of the U.S., said Mr. Mushero.
Chinese consumers already are less likely than Western counterparts to put their credit- or debit-card data online, an impediment to the growth of the e-commerce industry, said Mr. Wolf. sites offer a cash-on-delivery option for consumers wary of entering their card numbers online.
Ms. Zou, the Yihaodian spokeswoman, said the company created a warning system that freezes accounts when they are accessed from suspicious Internet addresses or when Yihaodian notices that multiple accounts were accessed from the same address.
Only within the past three years has China begun to establish privacy laws to protect consumers against identity theft and the breach of such personal data as medical and insurance records.
China's Ministry of Public Security in recent months has led a crackdown on illegal trading of personal data. By the end of April, Chinese police had apprehended 1,936 people suspected of illegally trading private information, according to Xinhua.
Source: The Wall Street Joural, by Laurie Burkitt