China warns of national security risks from third-party data hosting amid overseas cyberattacks
Global Times
2026-03-01

Server cabinets that store massive datasets for third-party data hosting service providers (Photo: China's Ministry of State Security)

China's Ministry of State Security issued a notice on Sunday on its official WeChat account, warning that outsourcing data storage to third-party providers could pose hidden national security risks, following a reported cyberattack by overseas hackers on the database of a domestic e-commerce platform.

Data hosting services allow companies to entrust their data to specialized third-party firms for storage, maintenance and security management. While such arrangements can reduce costs and improve efficiency, the notice cautioned that risks remain.

To reduce costs and improve operational efficiency, many enterprises choose to store and circulate data through hosting companies, described in the notice as "digital super banks." However, behind the efficient business model lurk potential data leaks that could threaten national security and require heightened vigilance, the notice warned.

In one example, some entities handling classified information failed to strictly review the confidentiality qualifications and security capabilities of data hosting providers, laying the groundwork for data breaches. On an industry forum, customer information from financial institutions was found to be on sale. The source was traced to a small technology company lacking financial data processing credentials. The company had falsely advertised its data hosting services, and employees exploited management loopholes to download customer data and sell it on the dark Web, leading to large-scale privacy breaches and posing risks to national financial security.

In another case, an employee of a data hosting service provider, burdened by heavy debts, took advantage of weak oversight by a classified unit that had outsourced its experimental data storage and maintenance. The unit had failed to establish effective supervision mechanisms over access to server rooms and data retrieval.

The notice also warned that foreign espionage and cybercrime groups have increasingly targeted the data hosting sector. In one incident, an overseas hacker organization used big data analysis to identify and infiltrate a Chinese e-commerce platform's database, planting malware to carry out phishing attacks and seize key access privileges. Large volumes of user data were stolen, including sensitive information related to procurement for key national infrastructure projects and high-end scientific research materials.

Data security is an integral part of national security, the notice stressed, citing China's Data Security Law, which requires entities engaged in data processing to fulfill data protection obligations and refrain from harming national security, public interests, or the lawful rights of individuals and organizations.

The ministry urged companies outsourcing data services to strengthen internal supervision, rigorously review contractors' qualifications, clearly define confidentiality responsibilities in contracts, and conduct regular risk assessments. Both clients and service providers should enhance staff management and carry out routine confidentiality training to jointly safeguard national data security, the notice said.