My Take | Scandals expose the vulnerability of Hong Kong’s cyber defences

Hong Kong has spent the last four years energetically tackling a wide range of perceived threats to national security. But one area in which more security is desperately needed is in the prevention of personal data leaks. The city has suffered a wave of serious hacking attacks and glaring data privacy breaches.

The latest scandal concerns the Companies Registry. The online database leaked personal details of 110,000 people, including names, passport and identity card numbers and residential addresses. Hong Kong’s privacy watchdog launched an investigation after the registry suspended online access on April 19. It is worrying for those affected, who are being warned to watch out for signs that their personal data is being abused, including checking their bank accounts for unauthorised transactions.

Clearly, the registry must swiftly review its systems, step up security measures and close any gaps in the portal’s defences.

The leak would be less of a concern if it was an isolated case. But this was the third time in a week a public body had hit the headlines because of a data security breach, following a string of similar cases in recent months.

Last week, the Office of the Privacy Commissioner for Personal Data announced it was investigating the leaking of the personal data of 17,000 residents collected by the Electrical and Mechanical Services Department during the pandemic in 2022. There had been a failure in the department’s password login system.

The watchdog also revealed the Consumer Council breached privacy rules when the personal information of more than 470 people was leaked in a cybersecurity attack. Hackers gained access to an administrator account in September and carried out malicious activities while trying to force the council to pay a US$500,000 ransom.