When a Developer Deletes Their Own Code: Legal Consequences and Lessons for Information Security

Case Overview

In March 2021, a 29‑year‑old programmer named Lu was hired by a Beijing‑based IT company to develop code for JD.com’s delivery platform. He resigned on June 18, 2021, the day of a major JD.com promotion, and that same day accessed the code‑control platform (hosted in Shanghai) with his personal account, deleting the coupon, budgeting, and subsidy code he had written.

The deletion caused project delays, and the company later spent about ¥30,000 hiring a third‑party firm to restore the database, while Lu compensated ¥35,000 to the company.

Legal Judgment

Lu was arrested on September 23, 2021, and the Shanghai Yangpu District People’s Court sentenced him to ten months’ imprisonment for “destroying computer information systems,” a crime under Article 286 of the Chinese Criminal Law. Because he voluntarily confessed and compensated the victim, the court applied a reduced sentence.

Public Discussion

Netizens debated several points: the extent of Lu’s permissions, why the company needed to pay a third‑party for data recovery despite version‑control backups, and the broader implications for code ownership and employee conduct. The case highlighted that even self‑written code remains the employer’s property and that reckless deletion can lead to severe legal consequences.

Similar incidents, such as the 2020 SaaS platform data loss and other cases of developers creating malicious tools, were cited to illustrate the seriousness of computer‑system sabotage.

Relevant Laws

Violating state regulations by deleting, modifying, adding, or interfering with the functions of a computer information system, causing it to malfunction, may result in up to five years’ imprisonment or detention; if the consequences are especially serious, the term exceeds five years.

Violating state regulations by deleting, modifying, adding, or interfering with data or applications stored, processed, or transmitted by a computer information system, with serious consequences, is punished according to the preceding clause.

Willfully creating or distributing computer viruses or other destructive programs that affect normal system operation, with serious consequences, is punished according to the first clause.

These legal provisions underscore that destroying code or data without authorization is a criminal act, reinforcing the need for robust access controls and ethical conduct in software development.