Dark Web News Analysis
A threat actor on a known cybercrime forum is advertising the alleged sale of a massive medical database originating from China. The dataset reportedly contains nearly 99 million records and is attributed to a “GOV” (Government) source.
Brinztech Analysis:
- The Target: The scale (99 million records) closely matches the population of a major Chinese province (e.g., Henan, Shandong, or Guangdong). This suggests the breach is likely of a Provincial Health Code (Jiankang Ma) system or a regional COVID-19 surveillance database, rather than a single hospital.
- The Data: The leaked fields are a “digital footprint” of China’s pandemic control infrastructure:
  - Identity: Citizen ID (Shenfenzheng), Full Names, Mobile Phones.
  - Surveillance Data: Earth Longitude/Latitude (GPS location data from scanning QR codes), Detailed Addresses.
  - Medical Data: Temperature Test Results, Reporting Categories, and Organizational Details.
- The “Smoking Gun”: The combination of “Temperature Test Results” and “GPS Coordinates” confirms this is not a standard electronic health record (EHR) but a mass surveillance log. This data was likely collected during the “Zero-COVID” era or from ongoing public health monitoring systems.
This incident follows a pattern of massive leaks in 2025, including the 4-billion-record data exposure discovered in June and the 1.5-billion-record leak in January. The re-emergence of such specific, high-fidelity surveillance data indicates that the vast data lakes created during the pandemic remain unsecured and are being actively mined by cybercriminals.
Key Cybersecurity Insights
This alleged data breach presents a critical threat to national security and individual privacy:
- Massive Surveillance Exposure: The exposure of GPS coordinates linked to Citizen IDs allows for the retrospective tracking of nearly 100 million people. Adversaries could use this to map the movements of government officials, military personnel, or dissidents.
- High Risk of Identity Theft: The Citizen ID is the master key to life in China (banking, travel, social services). A breach of 99 million IDs, combined with mobile numbers and addresses, enables industrial-scale identity theft and fraud.
- Geopolitical Intelligence: The “GOV” source indicates a potential compromise within government or state-affiliated systems. Foreign intelligence agencies or state-sponsored actors could leverage this data to identify key personnel in sensitive organizations based on their “organizational details” and location history.
- Persistent Vulnerability: The fact that this data (likely collected 2020-2023) is being sold in late 2025 highlights a failure in data lifecycle management. Sensitive surveillance data should have been purged or archived offline, not left accessible on internet-facing servers.
Mitigation Strategies
In response to this claim, government agencies and affected citizens must take immediate action:
- Strengthen Data Loss Prevention (DLP): Government entities must implement advanced DLP solutions to monitor for “low and slow” data exfiltration from legacy health databases.
- Data Minimization (Purge Legacy Data): Immediate audit of all pandemic-era data warehouses. If the data is no longer needed for active public health goals, it must be securely deleted or moved to deep, cold storage.
- Zero Trust Architecture: Adopt a Zero Trust model for all government databases. Access to citizen data should require context-aware authentication (e.g., only accessible from specific government devices and locations), not just a password.
- Public Awareness: While citizens cannot change their Citizen IDs, they should be warned to be vigilant against “official impersonation” scams (e.g., fake police or health officials) that use this precise data to establish authority.
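To make the DLP point above concrete, here is an added example (not code from the Brinztech post or from any real system) of the check a “low and slow” monitor performs: it sums rows returned per database principal over a rolling window, so an account that never trips a per-query row limit is still caught once its cumulative pull is too large. The audit-record field names, the account names and the thresholds are all constructed assumptions.

```python
"""Low-and-slow exfiltration detector over constructed DB audit records.
A per-query row limit misses an account pulling modest batches for hours;
summing rows per principal over a rolling window catches it."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit records (field names are assumptions): a service account
# pulling 900 rows every 5 minutes, a clinician's small lookups, one bulk read.
SAMPLE_LOG = "\n".join(
    [f"2025-11-02T01:{5 * i:02d}:00Z user=svc_report db=health_code rows=900"
     for i in range(12)]
    + ["2025-11-02T09:00:00Z user=dr_li db=health_code rows=40",
       "2025-11-02T09:30:00Z user=dr_li db=health_code rows=25",
       "2025-11-02T02:00:00Z user=batch_etl db=health_code rows=200000"])

def parse(text):
    """Turn 'ts key=value ...' lines into (timestamp, user, rows) tuples."""
    records = []
    for line in text.splitlines():
        ts, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        records.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                        fields["user"], int(fields["rows"])))
    return records

def detect(records, per_query_limit=5000, window=timedelta(hours=24),
           window_limit=10000):
    """Return {user: (reason, rows)} for the first threshold each user crosses.
    'bulk_query': one query at/over per_query_limit (the easy case).
    'low_and_slow': rolling-window total over window_limit with every query small."""
    alerts = {}
    recent = defaultdict(deque)  # user -> (timestamp, rows) still inside window
    totals = defaultdict(int)    # user -> rows summed over that window
    for ts, user, rows in sorted(records):
        if rows >= per_query_limit:
            alerts.setdefault(user, ("bulk_query", rows))
            continue
        recent[user].append((ts, rows))
        totals[user] += rows
        while ts - recent[user][0][0] > window:  # evict expired entries
            _, old = recent[user].popleft()
            totals[user] -= old
        if totals[user] > window_limit:
            alerts.setdefault(user, ("low_and_slow", totals[user]))
    return alerts

if __name__ == "__main__":
    for user, (reason, rows) in detect(parse(SAMPLE_LOG)).items():
        print(f"{user}: {reason} ({rows} rows)")
```

In the constructed data the service account is flagged on its twelfth 900-row query (10,800 rows in under an hour) while the clinician's small lookups stay clean; in practice the window limit would be set per role from an observed baseline.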
Secure Your Business with Brinztech — Global Cybersecurity Solutions
Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com