China's top court has emphasized the need to safeguard data security and protect individual rights in the digital age, releasing a landmark case in which two individuals were sentenced to prison for acquiring and disclosing more than 900 million pieces of personal information online.

As technology rapidly advances, criminal methods have become increasingly sophisticated and concealed. "This has resulted in the theft, leakage and sale of sensitive personal data, often due to inadequate data management by certain governments, enterprises and online platforms," the Supreme People's Court said on Friday.

It noted that some criminals exploit acquired personal data to engage in activities such as fraud, extortion and "box-opening", which severely harm individuals' personal and financial safety and pose substantial threats to public security and social order.

In the highlighted case, two defendants surnamed Lin and Wang illegally obtained personal information through encrypted communication tools and other internet channels between 2023 and 2025. Lin acquired more than 600 million pieces of personal data, while Wang obtained over 300 million pieces.

They subsequently sold the information for profit through methods including virtual currency payments. Lin also collaborated with another individual to set up an online group with more than 2,000 members, using the personal data to insult and abuse others.

After hearing the case, the Beijing Haidian District People's Court ruled that Lin and Wang were guilty of illegally obtaining and selling personal information, classifying their offense as "extremely serious".

Lin was sentenced to seven years in prison and fined 70,000 yuan ($10,287), while Wang received a prison term of five years and six months and was fined 50,000 yuan.

The Beijing court said such malicious acts of publicly disclosing others' personal information, including names, identity card numbers, phone numbers, home addresses, whereabouts and social media accounts, are known as box-opening, or doxing. The acts are often followed by inciting netizens to launch verbal attacks, harassment and cyberbullying.

"Doxing brings great physical and mental harm to victims and their families, as well as severely disrupts public order and social stability," the top court said. It underscored that the security of personal information concerns everyone, adding that cracking down on such acts is necessary to maintain order in cyberspace and foster a healthy online ecosystem.

On Friday, the top court also unveiled details of four other notable cases involving personal information infringement, calling on judges to continue intensifying the crackdown on the crime and related offenses such as extortion and fraud.

In one case, from February to July 2022, two defendants jointly funded the purchase of a Trojan program online and implanted it into an official booking website to illegally obtain more than 290,000 records of HPV vaccine appointment information stored on the site.

The pair then rented a virtual host server, uploaded the illegally obtained website source code to a domain service space and created a counterfeit phishing website. They organized a team with different assigned roles and used a platform to mass-send messages claiming successful vaccine appointments, luring recipients into clicking phishing links.

By impersonating doctors and customer service representatives, they used tactics such as price adjustments, priority appointments and reordering for discounts to defraud 51 victims of more than 580,000 yuan.

The two ultimately received prison terms of 12 years and 11 years and nine months, respectively, for personal information infringement and fraud, along with fines, according to a ruling by a court in Jiangsu province.

The top court said the criminals took advantage of women's health concerns by breaching a legitimate vaccine appointment website to illegally acquire personal information, which they then used for targeted fraud.

"Such actions warrant severe penalties due to their grave violation of personal data security and property rights," it added.