China has fined ride-hailing giant Didi 8 billion yuan ($1.2 billion), regulators announced Thursday, concluding a year-long investigation into alleged data security violations.
The probe found "conclusive evidence" that Didi had committed violations of an "egregious nature", the Cyberspace Administration of China (CAC) said in a statement.
It accused Didi of illegally storing the ID information of more than 57 million drivers in plain text instead of a more secure format.
The regulator said the firm also analysed passenger details without their knowledge -- including photos on their mobile phones and facial recognition data.
"Even when regulatory authorities ordered corrections, comprehensive and in-depth corrections were not carried out," the CAC said, adding Didi's violations took place over seven years starting June 2015.
Didi has been one of the highest-profile targets of a widespread clampdown on China's tech sector, which saw years of runaway growth and the emergence of supersized monopolies before regulators stepped in.
The fine amounts to more than four percent of its $27.3 billion total revenue last year.
"We sincerely accept this decision (and will) resolutely obey it," Didi said in a statement on social media.
"We sincerely thank the competent authorities for their inspection and guidance... We will take this as a warning... (and) further strengthen the construction of network security and data security."
Didi's fine is the largest imposed by Chinese authorities since e-commerce behemoth Alibaba was ordered to pay around $2.75 billion in April 2021 for anti-competitive practices.
The ride-hailing firm got into hot water in June last year after it pressed ahead with an initial public offering in the United States, reportedly against Beijing's wishes.
Days after it raised $4.4 billion in New York, Chinese authorities launched a cybersecurity probe into the company, sending its shares plunging.
Since then, Didi's app has been removed from Chinese stores and it has been unable to register new users.