DiDi Global faced a $740 million settlement in a class-action lawsuit for allegedly defrauding investors by concealing a Chinese government order to delay its June 2021 IPO until cybersecurity and privacy concerns were resolved. The company proceeded with the IPO, raising $4.4 billion, but shortly after, China’s Cyberspace Administration banned new customer registrations and removed the DiDi Travel app from app stores. The regulator later imposed a $1.2 billion fine (July 2022) for data security violations. The incident triggered a sharp decline in DiDi’s stock value, eroding investor trust and leading to significant financial losses, including a second-quarter loss tied to the settlement provision. The case highlights regulatory non-compliance in cybersecurity, resulting in reputational damage, financial penalties, and legal repercussions, undermining the company’s market position and operational stability.
Source: https://www.claimsjournal.com/news/national/2025/09/11/332904.htm
TPRM report: https://www.rankiteo.com/company/didiglobal
"id": "did3292232091125",
"linkid": "didiglobal",
"type": "Breach",
"date": "6/2021",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Technology/Transportation',
'location': 'China (Headquarters in Beijing)',
'name': 'DiDi Global Inc.',
'size': 'Large (Valued at ~$67.5 billion during IPO)',
'type': 'Public Company '
'(Ride-Hailing/Transportation)'}],
'date_publicly_disclosed': '2021-07',
'description': 'DiDi Global agreed to a $740 million settlement in a '
'class-action lawsuit accusing the company of defrauding '
'investors by concealing a Chinese government order to delay '
'its June 2021 IPO until cybersecurity and privacy concerns '
'were resolved. The company faced regulatory penalties, '
'including a $1.2 billion fine from China’s Cyberspace '
'Administration, a ban on new customer registrations, and the '
'removal of its app from stores. The settlement, pending '
'judicial approval, follows DiDi’s disclosure of setting aside '
'funds for the accord, resulting in a second-quarter loss.',
'impact': {'brand_reputation_impact': 'Significant (share price tumble, '
'regulatory scrutiny, investor '
'distrust)',
'financial_loss': '$740 million (settlement) + $1.2 billion '
'(regulatory fine)',
'legal_liabilities': '$740 million settlement + $1.2 billion fine',
'operational_impact': ['Ban on new customer registrations',
'App removal from smartphone stores',
'Second-quarter financial loss']},
'investigation_status': 'Settlement pending judicial approval (as of '
'mid-October 2023)',
'motivation': ['Regulatory Enforcement',
'Data Privacy Compliance',
'Investor Protection'],
'post_incident_analysis': {'corrective_actions': ['Settlement agreement',
'Compliance overhaul '
'(implied)'],
'root_causes': ['Failure to disclose regulatory '
'orders to investors',
'Non-compliance with Chinese '
'cybersecurity/privacy laws']},
'references': [{'source': 'Reuters'}],
'regulatory_compliance': {'fines_imposed': '$1.2 billion (CAC) + $740 million '
'(settlement)',
'legal_actions': ['Class-action lawsuit (In re DiDi '
'Global Inc Securities '
'Litigation)',
'CAC regulatory penalties'],
'regulations_violated': ['Chinese Cybersecurity '
'Laws',
'Privacy Regulations',
'U.S. Securities Laws '
'(alleged investor fraud)'],
'regulatory_notifications': ['CAC ban on new '
'registrations',
'App removal from '
'stores']},
'response': {'communication_strategy': ['Public disclosure of settlement',
'Legal filings in U.S. District '
'Court'],
'remediation_measures': ['Negotiation of $740 million settlement',
'Compliance with CAC orders']},
'threat_actor': 'Chinese Government (Cyberspace Administration of China - '
'CAC)',
'title': "DiDi Global's $740 Million Settlement Over Concealed Cybersecurity "
'and Privacy Concerns in 2021 IPO',
'type': ['Regulatory Non-Compliance',
'Investor Fraud',
'Cybersecurity Violation',
'Privacy Violation']}