China has fined ride-hailing giant Didi 8 billion yuan ($1.2 billion), regulators announced Thursday, concluding a year-long investigation into alleged data security violations.
The probe found "conclusive evidence" that Didi had committed violations of an "egregious nature", the Cyberspace Administration of China (CAC) said in a statement.
It accused Didi of illegally storing the ID information of more than 57 million drivers in plain text instead of a more secure format.
The regulator said the firm also analysed passenger details without their knowledge -- including photos on their mobile phones and facial recognition data.
"Didi's illegal operations have brought serious security risks to the security of the country's key information infrastructure and data security," CAC said.
"Even when regulatory authorities ordered corrections, comprehensive and in-depth corrections were not carried out," it added.
Didi's violations took place over seven years starting June 2015, according to the regulator.
CAC also accused Didi of unspecified national security violations in its data processing activities.
The firm was also found to have violated the Cybersecurity Law, Data Protection Law and Personal Information Protection Law –- a landmark code introduced last year that is modelled on the European Union's GDPR legislation.
- Tech crackdown -
Didi has been one of the highest-profile targets of a widespread clampdown on China's tech sector, which saw years of runaway growth and the emergence of supersized monopolies before regulators stepped in.
The fine amounts to more than four percent of its $27.3 billion total revenue last year.
"We sincerely accept this decision (and will) resolutely obey it," Didi said in a statement on social media.
"We sincerely thank the competent authorities for their inspection and guidance... We will take this as a warning... (and) further strengthen the construction of network security and data security."
Didi's fine is the largest imposed by Chinese authorities since e-commerce behemoth Alibaba was ordered to pay around $2.75 billion in April 2021 for anti-competitive practices.
The ride-hailing firm got into hot water in June last year after it pressed ahead with an initial public offering in the United States, reportedly against Beijing's wishes.
Days after it raised $4.4 billion in New York, Chinese authorities launched a cybersecurity probe into the company, sending its shares plunging.
Since then, Didi's app has been removed from Chinese stores and it has been unable to register new users.
China's regulatory crackdown has eased this year as it grapples with the economic fallout from its zero-Covid strategy, with the country struggling to reach its 5.5 percent growth target.
However, there is still a strict regulatory environment for tech firms: President Xi Jinping last month called for stronger oversight and better security in the financial tech arena.