China’s national security authorities say an outsourced IT contractor working for a research institution stole a large volume of sensitive scientific data and passed it to a foreign intelligence agency, but the regime’s account, lacking key details, has raised questions about how the alleged breach occurred.
In a notice published on July 5 via Chinese state media China Central Television, China’s Ministry of State Security (MSS) described the case as one of three examples highlighting security risks associated with outsourcing data management. The MSS said a research institution had contracted a third-party company to maintain its experimental database, but failed to establish adequate oversight mechanisms.
According to the MSS, an outsourced maintenance worker was allegedly recruited by a foreign intelligence agency, used remote administrative privileges to download “massive amounts” of core research data, and transmitted the information abroad before being arrested by state security authorities. Officials said personnel at the research institution were also held accountable.
The MSS did not identify the research institution or the outsourcing company when the alleged incident occurred, what type of research data was involved, or which foreign intelligence service was allegedly responsible.
The MSS notice alleged that some organizations outsource not only technical operations but also access rights and sensitive data without establishing adequate review and supervisory mechanisms.
Sensitive Data
A head of a cybersecurity department at a Chinese state-owned enterprise told The Epoch Times that if the information involved classified research, it should have been handled exclusively on isolated internal networks rather than systems connected to the internet.“Even material classified at the lowest level of state secrecy requires multiple layers of authentication before it can be accessed,” he said. ”Under normal procedures, any attempt to download such data should immediately trigger security alerts. Systems handling classified information are typically isolated local networks that cannot connect to the public internet.”
The cybersecurity head said the MSS notice failed to explain how the contractor obtained the necessary access privileges or through what channel the data was allegedly transferred overseas.
Hong, a Chinese cybersecurity professional with about a decade of industry experience, told The Epoch Times that remote administrative access presents one of the greatest risks in outsourced database management.
“If an outsourced employee is able to log in remotely and download data in bulk, then control over the data has effectively left the institution,” Hong said.
However, he noted that Chinese regulations governing sensitive research databases generally require strict access controls.
“Normally, obtaining permission to download core research data is not easy,” he said. “The statement doesn’t explain how those permissions were obtained or how the files were transmitted abroad.”
Hong added that many major data breaches originate from external cyberattacks rather than insiders deliberately passing information to foreign governments.
The MSS announcement also included two additional outsourcing-related data security cases.
In one case, a company providing IT services to a hospital secretly collected personal information from patients using the hospital’s registration system and copied more than 280,000 records into its own database after removing duplicate entries. Regime authorities said the company was convicted of illegally obtaining citizens’ personal information.
The third case involved an organization that outsourced the construction and maintenance of its official website to a private contractor.
Broader Security Messaging
A China-based scholar told The Epoch Times that Beijing has increasingly centralized public data within regime agencies and state-affiliated digital platforms while simultaneously outsourcing many technical operations to private contractors.He believes the MSS is using outsourcing cases to reinforce its broader counterespionage campaign.
“The purpose of these announcements is to warn internet users not to be exploited by foreign spies,” he said. “More importantly, state security [authorities] encourage public suspicion toward Western countries by suggesting that foreigners could be intelligence agents and discouraging online contact with them.”
The scholar argued that the messaging contrasts with the Chinese regime’s efforts to use social media platforms, including Facebook and LinkedIn, to recruit scientists, engineers, and military pilots with lucrative job offers.
“The Chinese regime knows these recruitment efforts may violate foreign laws,” he said. “Yet now they accuse Western countries of conducting espionage and infiltration against China.”
Meanwhile, the U.S. Embassy and Consulates in China have continued issuing public advisories warning Americans about potential risks when traveling to China.
Between July 1 and July 3, the embassy posted three bilingual reminders on X. The latest warned that journalists working in China face risks including detention and expulsion.
From June 13 through June 30, the embassy issued seven separate travel-related advisories addressing issues including dual nationality, exit bans, arbitrary detention, risks associated with Chinese heritage or ties to the U.S. government, arrest notifications, surveillance, and online privacy.







