Why a Database Admin’s Data Deletion Led to a 7‑Year Prison Sentence

Case Overview

According to media reports, Han Bing, a former database administrator at Chinese real‑estate brokerage Lianjia, was sentenced to seven years in prison for logging into the company’s system and deleting its data.

In June 2018, Han used his administrative privileges and the “root” account to access the financial system and erased all data from two database servers and two application servers, causing immediate paralysis of most of Lianjia’s operations, preventing tens of thousands of employees from receiving wages and resulting in a direct loss of about US$30,000.

The indirect loss was far larger because Lianjia operates thousands of offices across China, employs over 120,000 agents, has 51 subsidiaries and an estimated market value of US$6 billion.

Investigation

The Haidian District People’s Court disclosed that Han was one of five main suspects. When investigators asked for the password of his laptop, Han refused, claiming the device contained personal data and that the password could only be given to public security authorities or entered by him in person.

Investigators noted that such an operation would leave no trace on the laptop, so they conducted routine checks on the five employees’ responses. Ultimately, technical staff retrieved server access logs, traced the activity to a specific internal IP and MAC address, and correlated Wi‑Fi connection logs and timestamps with CCTV footage to confirm the suspicion.

The forensic report from the National Information Center’s Electronic Data Judicial Appraisal Center identified the IP 10.33.35.160 as belonging to the network area of the FuDao Building in Haidian.

Forensic analysis concluded that Han used the shred and rm commands to delete the database. The rm command removes file links, while shred overwrites data three times, making recovery impossible.

Employee Discontent

Surprisingly, Han had repeatedly reported security vulnerabilities in the financial system to his superiors and even emailed other administrators to raise his concerns, but his suggestions were ignored because department leaders never approved his proposed security projects.

Two weeks later, the finance team was moved to the information line, and Han and a colleague reported the security issues to the information line leader Zhou Xiaolong, suggesting a security project, but the proposal was still rejected, leading to a dispute with Zhou.

According to testimony, Han was transferred in February 2018 from the headquarters in Chaoyang to the Haidian campus, felt undervalued, and after the transfer showed signs of disengagement, frequent tardiness, and absenteeism. Surveillance footage shows him arriving at the office around 11 am on June 4, 2018, and leaving around 6 pm.

Other Similar Incidents

Similar “delete‑database” incidents have occurred:

On 23 February 2020, He, disgruntled after personal financial difficulties, connected to a VPN and deleted all data on Weimeng’s servers, causing a service outage for over 3 million users. The outage lasted 8 days 14 hours, with total economic loss exceeding CNY 22.6 million. He was sentenced to six years in prison for damaging a computer information system.

On 13 April 2020, Wang, angry after his code for an OBS object‑storage service was rejected, used a root account to modify the code on a Huawei cloud server, causing platform instability and delaying the distribution of government e‑vouchers to 11,225 members. He received five months’ detention with a six‑month suspended sentence.

These cases warn all technologists that while deleting a database may be easy, fleeing the consequences is not.

The article concludes by urging companies to implement robust security measures while also treating their technical staff fairly.