Twenty Apple employees in China have been arrested by cops investigating the lifting and reselling hundreds of thousands of pieces of customers' personal information.
According to the South China Morning Post, police in four provinces have cuffed 22 people in total who are believed to be behind a fraud ring that made roughly $7.36m in profits from selling the personal information of Apple customers.
Of those 22 people, 20 were believed to be Apple employees who had access to customer databases. The police say those 20 went into customer records to lift information including names, phone numbers, and Apple IDs.
They then sold off the stolen information to fraudsters at prices ranging from $1.50 to $27 per record. The report did not say just how many people's information was accessed, or whether the victims are international or only based in China, but the $7.36m haul would indicate that the number of accounts exposed easily reaches into the hundreds of thousands.
According to the report, police have been investigating the group for months and now believe they have dismantled the entire operation.
Apple did not respond to a request for comment on the matter.
This would not be the first time a massive customer record theft was found to be an inside job. Security researchers say a market for leaked internal records from employees is thriving on the dark web, as scammers are soliciting workers to turn over files in exchange for cash.
Earlier this year, three workers at a Cardiff car rental shop were charged with selling off customer contact details to scammers for use in extortion schemes.
A survey conducted in 2015 found that a third of workers would be willing to sell off sensitive information if given the offer. ®