Data protection concerns are increasing everyday due to hacking, data security issues with operating systems and even data infringement by apps. But there might be even more threats to your user data — 22 Apple distributors were arrested in China on Wednesday for selling user data.

Chinese website QQ reported the 22 suspects were charged with illegal access to computer information system data and violations of citizens’ personal information. They had been under investigation since January and are suspected to have gained illegal access to personal information used with the iPhone. Police in Zhejiang province estimate the distributors might have made around 50 million Yuan ($7.36 million) from stolen iPhone user data. The data includes sensitive user information including Apple Ids and phone numbers which were sold in the black market at the rate of 10 - 180 Yuan ($1.50 - $26).

Read: Siri Flaw Leaves Your iPhone Accessible To Anyone, Mobile Data Can Be Turned Off

It is not clear yet how many people affected, but Engadget reported Wednesday that many of the victims were located outside China. Apple did not immediately commented on the breach of its internal database, but it is expected to strengthen user data security measures at the supply chain level.

While it might not be possible for Apple to seal off the supply chain from user data, the arrests highlighted the need for more stringent security measures. Since most smartphone manufacturers have their supply chains in China, it is not yet certain, if other manufacturers faced a similar risk.

The fact iPhone data is at such risk is a little surprising since the company is known for its user data protection. Unlike the open source Android operating system, which is prone to malware, Apple’s iOS is a closed operating system protected by layers of licensing. But the Chinese breach points to an essential flaw in Apple’s way of working, which needs iPhone data to be synchronized using the Apple ID for access to the app store. This means if anyone has access to your Apple ID, they might be able to get the details of your credit card or even make some purchases from the app store, which you did not intend to make.

Read: Apple Can't And Won't Provide Access To iPhone Data To Authorities, Even With A Warrant

As a company, Apple has always gone far and beyond to protect user data. In 2014, the company declared it would not provide any access to iPhone data to government authorities, even with a warrant. The company even stated it had not developed the ability to bypass the iPhone pass code and did not intend to in the future either. This meant Apple surrendered its ability to look into user data, even on legal orders.

"Our business model is very straightforward: We sell great products. We don’t build a profile based on your email content or Web-browsing habits to sell to advertisers," Apple CEO Tim Cook stated at the time.