As the digital wave sweeps across the globe, the risk of personal information leakage is increasingly intensifying. When technologies such as facial recognition, big data analytics, and cloud computing reshape society's operational logic, the boundaries for personal information collection have been infinitely expanded. The centralized storage and high-frequency circulation of massive data, which should improve service efficiency, have frequently become "breeding grounds for leaks."

The insurance industry is particularly special, built on the foundation of "risk management" and "customer trust," yet some institutions have put the cart before the horse, making it one of the most vulnerable links in personal information security defenses.

**Illegal Sale of Provincial Car Owner Privacy Data**

On August 5, 2025, the Bengbu Intermediate People's Court in Anhui Province issued a criminal ruling numbered (2025) Wan 03 Xing Zhong 156, which detailed a rare case of large insurance company employees violating citizens' personal information rights.

The judgment shows that in 2018, Yang XX, the general manager of the telemarketing business department of Pacific Insurance Anhui Branch, conspired with former colleague Yang X to sell car purchase data for profit. Yang XX packaged and classified the data by various cities for Yang X to sell externally. The information included names, ID numbers, phone numbers, license plate numbers, vehicle models, VIN numbers, engine numbers, and vehicle insurance initial registration dates.

According to reports, Yang X had been unemployed at home since 2017, occasionally working as an insurance agent to earn living expenses. Yang XX was the provincial telemarketing director of Anhui Pacific Insurance Company and Yang X's former colleague. Yang XX had access to car purchase data for the entire Anhui Province, including VIN numbers, ID numbers, phone numbers, names, addresses, and insurance expiration dates.

In 2018, Yang X conspired with Yang XX to sell car purchase data for profit. Yang XX packaged and classified the data by cities for Yang X, who then sold the information at 0.7 to 0.9 yuan per record according to each city, with profits split 70-30, with Yang X taking 70%.

The buyers were all insurance company employees, including Yu XX, Wang X, Li XX, Tu XX, He XX, and others. Among them, 90,000 records were sold to Li XX for approximately 70,000 yuan; 90,000 records to Tu XX for about 95,000 yuan; 30,000 records to He XX for about 38,000 yuan; 24,000 records to Yu XX for about 18,000 yuan; and 13,000 records to Wang X for around 10,000 yuan.

The judgment further reveals that Yang XX was the former general manager of TIAN AN Property Insurance Anqing Central Branch; He XX was the former head of the telemarketing department at TIAN AN Property Insurance Anqing Central Branch; Yu XX was the former head of the telemarketing department at TIAN AN Property Insurance Huangshan Central Branch; and Wang X was the former deputy manager of China Life Property Insurance Langxi County Branch. Li XX and Tu XX were respectively the former legal representative of Wuhu Qingyi Automotive Services Co., Ltd. and the former main person in charge of Anhui Qiancheng Business Company. The first four individuals were all employees of relevant insurance companies.

To avoid regulation, buyers adopted various methods for transactions and reimbursements. For example, Li XX transferred over 100,000 yuan to Yang X in five installments; Yu XX reimbursed his information purchases under names like "courier fees" and "advertising fees"; and Tu XX would immediately damage or format USB drives after importing their contents to computers to prevent police investigation.

The court ruled in the first instance that the above individuals purchased and used citizens' personal information for auto insurance sales, making marketing calls to unspecified numbers of people, causing disturbance to the lives of citizens whose information was sold. The case involved tens of thousands of citizen information records, all constituting serious circumstances and the crime of infringing citizens' personal information. Li XX, Tu XX, Yang XX, He XX, Yu XX, and Wang X admitted to the charged criminal facts and were willing to accept punishment, receiving lenient sentences according to law.

**Widespread Problems**

This case is merely the tip of the iceberg in the property insurance industry. Beyond the aforementioned personal information trafficking, persistent problems such as "fabricating intermediary business to misappropriate funds," "inaccurate financial data," "failure to use prescribed terms and rates," and "sales misleading" are also common.

As a core business in the property insurance sector, auto insurance is particularly plagued with irregularities. In recent years, some institutions have used the banners of "product innovation" and "service upgrading" while actually circumventing regulation: some expand auto insurance third-party liability coverage under non-auto insurance names, while others operate "insurance-like" services under the guise of "vehicle safety pooling," seriously infringing on consumers' legitimate rights.

In 2019, an Audi 4S store in Zhumadian, Henan Province, required installment car buyers to purchase "theft insurance," but actually substituted a cheap "GPS product liability insurance" for standard motor vehicle theft insurance. This meant that if a car owner's vehicle was stolen and involved claims, they would need to prove that the theft was directly caused by GPS equipment failure, which is almost impossible to substantiate, rendering the so-called "protection" meaningless.

Industry veterans believe that while auto insurance and non-auto insurance both belong to insurance protection, their coverage scopes differ significantly. Covering vehicle risks through liability insurance methods could expose drivers to contract disputes and claim refusal risks in traffic accidents.

Recently, reporters noticed that a model has emerged in the property insurance market where liability insurance is used to assume motor vehicle third-party liability through in-vehicle products. Specifically, third-party technology companies install smart devices on insured vehicles and sign "equipment service agreements" with car owners, claiming to enhance vehicle safety or provide value-added services. Property insurance companies then sign insurance agreements with these technology companies to cover "product liability insurance" for such in-vehicle equipment.

In reality, some institutions cleverly "transplant" this insurance type, forming a "non-auto insurance covering auto insurance" workaround through "equipment + liability insurance" combinations. Such phenomena have long attracted regulatory attention. Previously, since liability insurance products only needed regulatory filing without approval, some insurance companies exploited this regulatory gap to cover risks that should be covered by compulsory traffic insurance or commercial third-party insurance under liability insurance names, effectively breaching regulatory boundaries.

To curb this irregularity, the former China Banking and Insurance Regulatory Commission issued the "Liability Insurance Business Supervision Measures" in late 2020, clearly drawing red lines: liability insurance must not arbitrarily expand coverage boundaries, especially prohibiting the use of liability insurance main or additional coverage forms other than motor vehicle insurance to cover motor vehicle third-party liability. This move was seen as a precise strike against "pseudo-innovation."

According to incomplete statistics, by the end of the first half of 2025, property insurance companies accumulated 483 penalty tickets with total fines reaching 115 million yuan, accounting for over 60% of the entire insurance industry's total penalty amount, remaining a "disaster area" for fines. This set of figures not only reflects that industry compliance shortcomings remain prominent but also reveals that amid performance pressure and regulatory games, some market entities are still testing boundaries and taking risks.