The Five Eyes intelligence alliance has issued a warning about China’s ongoing campaign to recruit Western nationals via LinkedIn and other professional networks, offering cash in exchange for state secrets and sensitive government or corporate information. The campaign targets individuals with access to classified or commercially valuable data, using social engineering tactics that have been observed for several years but appear to be intensifying. This matters because cloud engineers and architects working on government or defence-adjacent projects are plausible targets given their access to sensitive infrastructure.

Architect’s Take: Review your organisation’s social media and acceptable use policies to ensure staff understand the risks of unsolicited professional outreach, particularly from overseas contacts offering paid consulting or research opportunities. Consider adding LinkedIn-based social engineering scenarios to your security awareness training, especially for teams handling government, defence, or critical national infrastructure workloads.

Original advisory: Five Eyes: Watch out for odd LinkedIn connection requests, China’s back on the hunt for state secrets

The Five Eyes intelligence alliance has issued a warning about China’s ongoing campaign to recruit Western government employees and contractors via LinkedIn, offering cash in exchange for state secrets. The tradecraft involves seemingly innocuous connection requests that escalate into paid intelligence relationships. This is a long-running threat that intelligence officials say continues to grow in scale and sophistication.

Architect’s Take: Cloud security architects with clearances or access to sensitive government cloud environments should review their organisation’s social media policies and ensure staff handling sensitive infrastructure are briefed on LinkedIn-based social engineering. Consider implementing insider threat monitoring and reinforcing acceptable use policies around unsolicited professional contact from unknown foreign nationals.

Original advisory: Five Eyes: Watch out for odd LinkedIn connection requests, China’s back on the hunt for state secrets

Two former RAC employees who sold personal data belonging to car crash victims to claims management companies have been ordered to repay £118,000 under the Proceeds of Crime Act, following earlier sentences of imprisonment and community service. The pair exploited their privileged access to customer data for financial gain, representing a textbook insider threat and data protection failure. The case underscores the real-world financial and legal consequences of misusing access to sensitive personal data.

Architect’s Take: Review and tighten data access controls for employees handling sensitive personal information — implement least-privilege access, robust audit logging, and anomaly detection to identify unusual data exports or queries, particularly in systems holding customer PII.

Original advisory: Duo who sold car crash victims’ data must repay £118k

Two former RAC employees who unlawfully accessed and sold personal data belonging to car crash victims have been ordered to repay £118,000 under the Proceeds of Crime Act, following earlier sentences of imprisonment and community service. The pair exploited their privileged access to customer data systems to pass information to claims management companies. The case highlights the ongoing risk of insider threats and the serious financial consequences now being pursued by regulators and prosecutors.

Architect’s Take: Review and tighten data access controls for staff handling sensitive personal data — implement least-privilege access, robust audit logging, and anomaly detection to identify unusual data exports or queries, particularly in systems holding customer contact or incident data.

Original advisory: Duo who sold car crash victims’ data must repay £118k