Personal information leakage has become a hidden accomplice behind online lending traps. While notorious violent debt collection garners more attention, privacy infringement operates through more covert methods.
Investigations reveal that in the online lending sector, illegal collection and use of personal information causes harm comparable to violent collection practices. Shocking cases of borrowers revolving loans and forced high-interest disbursements are often facilitated by personal data trafficking.
If trading personal information enables targeted marketing, then illegal data collection creates conditions for customized exploitation. When combined by underground industries, these practices leave victims financially drained.
Zhang Ting (pseudonym), a 25-year-old graduate, descended into loan recycling within two years of graduation due to job instability and personal vanity. Initially owing less than 10,000 yuan across three legitimate platforms, she now faces over 20 loans with accumulating interest. The invisible hand behind her debt spiral was the black market data trade - where collection calls were consistently followed by loan中介 offers, creating a cycle of new loans repaying old ones.
The turning point came when black market intermediaries contacted her using leaked personal data. She realized platforms and third-party collectors were colluding with these intermediaries to push borrowers deeper into debt.
Beyond intermediaries, underground lending platforms also profit from personal information. Zhang Cheng (pseudonym) from Shenzhen, despite being cautious with platforms charging over 36% interest, unexpectedly received an unsolicited 2,000 yuan loan last October. The lender had purchased his bank account details and contact list from other platforms, enabling forced disbursement without even requiring application. When he resisted the exorbitant interest, the platform threatened to expose his contacts to family and friends.
Such cases represent only the tip of the iceberg in personal data trafficking. Using personal information for customer acquisition has become an open secret in online lending, though operating more subtly than violent collection practices.
Last October, Ping An Consumer Finance app was reported for violating user rights by requiring blanket authorization to share data with 18 affiliated companies. Meanwhile, financial lending apps frequently appear in regulatory reports for illegal personal information collection.
In January, Shandong police uncovered a case where criminals purchased user data at 10-15 yuan per record from financial apps to target loan seekers. The gang would then profile victims' family and financial situations under the guise of offering customized loan plans, actually screening for vulnerable targets.
While less extreme than criminal operations, legitimate financial apps also violate data collection principles. Statistics show 29 banking apps were reported for illegal data practices in 2025, up from 17 in 2024, including both commercial and rural banks. Lending and fintech apps face even more frequent sanctions.
China's regulatory framework has been strengthening personal information protection. The Consumer Rights Protection Law Implementation effective July 2024 specifically prohibits excessive data collection and requires clear consent mechanisms. The December 2024 Data Security Management Measures for banking institutions further mandate minimal and authorized data collection for financial purposes.
Financial consumers should remain vigilant about privacy permissions and leverage legal protections against infringement.
Comments