Core Insights - A significant case of personal information leakage involving 800,000 records has been reported in Gansu Province, highlighting vulnerabilities in data protection and the rise of a "decryption intermediary" industry due to the enforcement of the Personal Information Protection Law [3][4]. Group 1: Crime Methodology - The "no inventory e-commerce" model allows merchants to sell orders to other merchants who fulfill them, creating a profit margin for the original seller. This model has been disrupted by new data protection laws, leading to the emergence of decryption intermediaries [4]. - The criminal operation involved a network where insiders from courier companies provided access to encrypted order information, which was then sold to "no inventory e-commerce" merchants, forming a complete crime chain [4][5]. - Law enforcement has arrested 18 individuals and seized over 800,000 personal records and more than 350,000 yuan in cash, indicating the scale of the operation [4]. Group 2: Industry Implications - The case illustrates a common issue in the industry where internal management failures and poor control over access rights lead to data leaks, often involving insiders [5]. - The reliance on third-party vendors in business processes increases the risk of information leakage, as smaller companies may lack the necessary technical capabilities and management structures [5]. - Experts suggest that the low technical barrier for such crimes poses significant risks, emphasizing the need for improved legal frameworks and corporate data protection measures to mitigate these vulnerabilities [5].