To continuously enhance education on network and data security and to jointly create a safe and reliable cyberspace, we present the compilation of recent typical cases in the field of network and data security from various regions across the country:
01
In August 2025, the Pingyang County Cyberspace Administration discovered vulnerabilities in the network information system of a local company based on clues. An investigation revealed that the company’s responsible personnel had insufficient awareness of cybersecurity risks, inadequate management of the operation and maintenance of the network information system, and failed to fulfill their obligations for network security protection, resulting in weak password vulnerabilities. The Pingyang County Cyberspace Administration conducted interviews with the relevant responsible personnel in accordance with the “Cybersecurity Law of the People’s Republic of China” and other laws and regulations, and ordered them to rectify the situation within a specified time.
02
In July 2025, the Chengdu Cyberspace Administration in Sichuan Province discovered that the OA system of a local trading enterprise had been tampered with by foreign hackers, who posted political slogans. An investigation found that the enterprise’s OA system had not implemented technical measures to prevent computer viruses, network attacks, and other harmful behaviors to network security, nor had it established internal management systems and operational procedures, or developed emergency plans for network security incidents, leading to network intrusion, tampering of the login page, and dissemination of harmful information. The Chengdu Cyberspace Administration imposed a fine of 25,000 yuan on the company and a fine of 5,000 yuan on the relevant cybersecurity responsible personnel in accordance with the “Cybersecurity Law of the People’s Republic of China” and other laws and regulations.
03
In July 2025, the Nanchang Cyberspace Administration in Jiangxi Province discovered that the IP address of a local medical institution was suspected of being remotely controlled by hackers and frequently communicated with malicious domains. An investigation revealed that the medical institution had not fulfilled its obligations for network security protection and had not taken technical measures to prevent harmful behaviors to network security, resulting in the network being infected with Trojan viruses and engaging in communication with foreign websites. The Nanchang Cyberspace Administration issued a warning administrative penalty to the medical institution in accordance with the “Cybersecurity Law of the People’s Republic of China” and other laws and regulations.
04
In August 2025, the Hengshan County Cyberspace Administration in Hunan Province discovered that the MySQL database service of a local hospital’s health check system had weak password vulnerabilities and that the service was mapped to a public port, leading to the leakage of medical information. An investigation revealed that the hospital had not established a comprehensive data security management system and had not taken corresponding technical measures and other necessary measures to ensure data security. The Hengshan County Cyberspace Administration issued a warning and imposed a fine of 50,000 yuan on the hospital in accordance with the “Data Security Law of the People’s Republic of China”, and ordered it to rectify the situation within a specified time.
05
In August 2025, the Huaylong District Cyberspace Administration in Puyang City, Henan Province discovered that a local company’s website contained black link addresses. An investigation revealed that the company had not strictly fulfilled its responsibilities as a network platform operator during the operation of the website, had not established a network security system and content review mechanism, and had not fulfilled its obligations for managing network information content, resulting in the website transmitting information prohibited by laws and regulations. The Huaylong District Cyberspace Administration conducted interviews with the website’s responsible personnel in accordance with the “Cybersecurity Law of the People’s Republic of China” and ordered them to rectify the situation within a specified time.
06
In August 2025, the Uqia County Cyberspace Administration in the Kizilsu Kirghiz Autonomous Prefecture of Xinjiang discovered that a local company’s database had weak password vulnerabilities, which attackers could exploit to steal relevant information and gain management permissions, posing a risk of information leakage. An investigation revealed that the company had not fulfilled its obligations for network security protection and had been reported multiple times by the cyberspace administration but had not thoroughly rectified the issues. The Uqia County Cyberspace Administration issued an administrative warning to the company and ordered it to correct the situation within a specified time in accordance with the “Cybersecurity Law of the People’s Republic of China” and the “Data Security Law of the People’s Republic of China”.
Long press to identify the QR code to enterWenzhou Network Security Product Service Supermarket
Source: Wenzhou Cyberspace
Editor: Wang Zhoucan
Review: Fan Xingxin