This copy is for your personal, non-commercial use only. Distribution and use of this material are governed by our Subscriber Agreement and by copyright law. For non-personal use or to order multiple copies, please contact The Epoch Times Reprints.

The Epoch Times
The Epoch Times
AD
The Epoch Times
Social Control

China Says Outsourced IT Contractor Leaked Sensitive Research Data to Foreign Spy Agency

Beijing disclosed an alleged research data breach but withheld key details, prompting cybersecurity experts to question how the incident unfolded.
Google LogoMark Us Preferred on Google
China Says Outsourced IT Contractor Leaked Sensitive Research Data to Foreign Spy Agency
Chinese police patrol in Beijing on May 14, 2026. Pedro Pardo/AFP via Getty Images
Michael Zhuang
Michael Zhuang
7/7/2026|Updated: 7/7/2026
0:00

China’s national security authorities say an outsourced IT contractor working for a research institution stole a large volume of sensitive scientific data and passed it to a foreign intelligence agency, but the regime’s account, lacking key details, has raised questions about how the alleged breach occurred.

In a notice published on July 5 via Chinese state media China Central Television, China’s Ministry of State Security (MSS) described the case as one of three examples highlighting security risks associated with outsourcing data management. The MSS said a research institution had contracted a third-party company to maintain its experimental database, but failed to establish adequate oversight mechanisms.

According to the MSS, an outsourced maintenance worker was allegedly recruited by a foreign intelligence agency, used remote administrative privileges to download “massive amounts” of core research data, and transmitted the information abroad before being arrested by state security authorities. Officials said personnel at the research institution were also held accountable.

The MSS did not identify the research institution or the outsourcing company when the alleged incident occurred, what type of research data was involved, or which foreign intelligence service was allegedly responsible.

The MSS notice alleged that some organizations outsource not only technical operations but also access rights and sensitive data without establishing adequate review and supervisory mechanisms.

Two Chinese cybersecurity experts and a scholar spoke to The Epoch Times on condition of anonymity or only publishing their surname out of fear of reprisal.

Sensitive Data 

A head of a cybersecurity department at a Chinese state-owned enterprise told The Epoch Times that if the information involved classified research, it should have been handled exclusively on isolated internal networks rather than systems connected to the internet.
Related Stories
The Epoch Times
Taiwan Restores ‘Anti-Communist’ Training for New Officers as China Threats Mount
The Epoch Times
Trump Warns China Is Trying to Take Panama Canal, Links Threat to Communism

“Even material classified at the lowest level of state secrecy requires multiple layers of authentication before it can be accessed,” he said. ”Under normal procedures, any attempt to download such data should immediately trigger security alerts. Systems handling classified information are typically isolated local networks that cannot connect to the public internet.”

The cybersecurity head said the MSS notice failed to explain how the contractor obtained the necessary access privileges or through what channel the data was allegedly transferred overseas.

Hong, a Chinese cybersecurity professional with about a decade of industry experience, told The Epoch Times that remote administrative access presents one of the greatest risks in outsourced database management.

“If an outsourced employee is able to log in remotely and download data in bulk, then control over the data has effectively left the institution,” Hong said.

However, he noted that Chinese regulations governing sensitive research databases generally require strict access controls.

“Normally, obtaining permission to download core research data is not easy,” he said. “The statement doesn’t explain how those permissions were obtained or how the files were transmitted abroad.”

Hong added that many major data breaches originate from external cyberattacks rather than insiders deliberately passing information to foreign governments.

The MSS announcement also included two additional outsourcing-related data security cases.

In one case, a company providing IT services to a hospital secretly collected personal information from patients using the hospital’s registration system and copied more than 280,000 records into its own database after removing duplicate entries. Regime authorities said the company was convicted of illegally obtaining citizens’ personal information.

The third case involved an organization that outsourced the construction and maintenance of its official website to a private contractor.

According to the MSS, the contractor failed to implement basic cybersecurity protections or patch known software vulnerabilities. After the website went online, hackers compromised the system and inserted illegal content. Regime authorities ordered both parties to correct the deficiencies.

Broader Security Messaging

A China-based scholar told The Epoch Times that Beijing has increasingly centralized public data within regime agencies and state-affiliated digital platforms while simultaneously outsourcing many technical operations to private contractors.

He believes the MSS is using outsourcing cases to reinforce its broader counterespionage campaign.

“The purpose of these announcements is to warn internet users not to be exploited by foreign spies,” he said. “More importantly, state security [authorities] encourage public suspicion toward Western countries by suggesting that foreigners could be intelligence agents and discouraging online contact with them.”

The scholar argued that the messaging contrasts with the Chinese regime’s efforts to use social media platforms, including Facebook and LinkedIn, to recruit scientists, engineers, and military pilots with lucrative job offers.

“The Chinese regime knows these recruitment efforts may violate foreign laws,” he said. “Yet now they accuse Western countries of conducting espionage and infiltration against China.”

China’s MSS has taken on an increasingly prominent public communications role this year, regularly publishing reports of alleged espionage cases as part of a broader national security campaign.

Meanwhile, the U.S. Embassy and Consulates in China have continued issuing public advisories warning Americans about potential risks when traveling to China.

Between July 1 and July 3, the embassy posted three bilingual reminders on X. The latest warned that journalists working in China face risks including detention and expulsion.

From June 13 through June 30, the embassy issued seven separate travel-related advisories addressing issues including dual nationality, exit bans, arbitrary detention, risks associated with Chinese heritage or ties to the U.S. government, arrest notifications, surveillance, and online privacy.

Zhou Yu contributed to this report. 
Google LogoMark Us Preferred on Google
Michael Zhuang
Michael Zhuang
Author
Michael Zhuang is a contributor to The Epoch Times with a focus on China-related topics.
Author’s Selected Articles
China Reservoir Breach Leaves Villages Flooded as Residents Question Warning and Evacuation Efforts
Jul 07, 2026
China Reservoir Breach Leaves Villages Flooded as Residents Question Warning and Evacuation Efforts
China’s New Ethnic Unity Law Is Tool to Expand CCP’s Transnational Repression, Critics Say
Jul 06, 2026
China’s New Ethnic Unity Law Is Tool to Expand CCP’s Transnational Repression, Critics Say
China’s Universities Raise Tuition as Local Government Debt Pressures Mount
Jul 04, 2026
China’s Universities Raise Tuition as Local Government Debt Pressures Mount
China’s Driverless Delivery Push Fuels Fears of Job Losses as Automation Accelerates
Jul 04, 2026
China’s Driverless Delivery Push Fuels Fears of Job Losses as Automation Accelerates
AD
Add to My List
Save
The Epoch Times
Copyright © 2000 - 2026 The Epoch Times Association Inc. All Rights Reserved.