A massive underground criminal operation run by employees of an Apple “domestic direct sales company and outsourcing company” to steal and sell the private data of Apple users has been uncovered in China, according to authorities.

Chinese law enforcement detained 22 people on suspicion of infringing the privacy of Apple users and illegally obtaining their digital personal information, according to local police in southern Zhejiang province.

The authorities did not specify whether the data belonged to Chinese or foreign Apple users. Of the 22 suspects, 20 were employees of companies who worked with Apple, who allegedly used internal systems to gather users’ names, phone numbers, Apple IDs and other personal data, which was then sold as part of a scam worth more than 50m yuan (£5.8m). A co-ordinated effort, following months of investigation and involving police across the Guangdong, Jiangsu, Zhejiang, and Fujian provinces, saw the 22 suspects apprehended, their “criminal tools” confiscated and their online network dismantled. The suspects worked in direct marketing and outsourcing for Apple in China, and allegedly charged between 10 yuan (£1.15) and 180 yuan (£20.76) for pieces of the illegally extracted data. The sale of personal information is common in China, which implemented a controversial new cybersecurity law aimed at protecting the country’s networks and private user information on 1 June. In December, an investigation by the Southern Metropolis Daily newspaper exposed a black market for private data gathered from police and government databases. Reporters successfully obtained a trove of material on one colleague, such as flight history, hotel checkouts and property holdings, in exchange for a payment of 700 yuan (£80.77).

Apple declined to comment.

