"The industry as a whole doesn't grasp the importance of securing data," Jiang said.
Jiang admitted that CSDN only had three people responsible for the maintenance of 100 servers that stored information of 20 million registered users.
"The situation in China is that most of the websites don't have professional technicians responsible for data security. Even those who have professional security technicians do not invest enough in security issues," Wang said.
The users' information leak last December was the largest in China's history, but it wasn't the first.
At the end of 2007, personal information of more than 40,000 pregnant women in Shenzhen, Guangdong was leaked after hackers breached the municipal health bureau's network. In March 2011, personal information of 14 million cellphone users was leaked in Shaanxi Province.
"The government should focus on new security issues arising from the application of various new technologies and intensify its crackdown on illegal industry chains of selling personal information," Zhou said.
"Internet operators should also strengthen their management, self-discipline, security guarantees and emergency response capabilities," he added. While websites become the target of outside hackers, most cases are inside jobs. The official investigation showed that the leak of YY.com, a Guangzhou-based provider of online and mobile gaming services, was done by its own staff.
Official investigation results of the information leak were released on January 10, 2012 by the National Internet Information Office, the country's Internet watchdog. Four people were placed in criminal detention and eight others received administrative penalties.
While the country hailed the timely investigation and imprisonment of the hackers involved, the victims did not know where they could turn to claim compensation.
Legal experts said that the massive leak also revealed shortcomings in Chinese Internet security laws and online ID protection.
Individual users' privacy rights have been violated, but it is hard for them to defend their rights, said Li Yuxiao, a professor of School of Economics and Management with the Beijing University of Posts and Telecommunications.
"Both websites and hackers are responsible for the loss of information, but it is very hard to hold them accountable because there is no law that states what kind of legal responsibilities websites have in terms of protecting users' data," Li said.
Zhang Qihuai, Director of the Beijing Lanpeng Law Firm, said there are currently "many holes" in the laws that should protect Internet users.
"It's impractical to use the law to protect users because legislators have yet to clarify how exactly the rules should be applied," Zhang said.
Li said that individual users may pursue civil compensation in court, but that it would be difficult for them to prove that hackers were to blame for their financial losses online.
"We are also in dire need of information security legislation to perfect the Web security system and strictly carry out the responsibility system," said Shi.
Email us at: liuxinlian@bjreview.com |