Cyberattack on Hong Kong news agency FactWire leads to unauthorised access of subscriber data
- Agency says its website, internal system and newsletter delivery operations were attacked, but that information on donor list was not accessed
- IP address shows hacking was done from Hong Kong, and it gained access to email addresses, registration records of FactWire’s newsletter subscribers
A cyberattack on a Hong Kong news agency last month led to the unauthorised access of information on 3,700 subscribers.
FactWire on Wednesday said its website and internal system had been hacked recently. While staff were trying to fix the security breach, the agency discovered its newsletter delivery operations had also been attacked on April 13.
The information accessed include the email addresses of more than 3,700 subscribers registered from July 2017 to January 2021, and the names of about 1,000 subscribers registered from November 2018 to October 2019.
“The IP address shows that the hacking was done from Hong Kong and that it had obtained access to the registration records of our newsletter subscribers. We sincerely apologise to all the affected subscribers for this,” a statement from FactWire read, adding the information on a donor list had not been accessed.
“We could not see any record of the information being exported, but there could be a possibility that the hacker had recorded the accessed information using other methods.”
In the wake of the incident, the news agency temporarily suspended the delivery of newsletters to build a new system. Measures were taken to ensure all personal information, including those of donors and whistle-blowers, was securely stored.
Earlier this week, police launched a criminal investigation after more than 20 unauthorised push notifications were sent out via the mobile app of Hong Kong’s biggest free-to-air broadcaster.