Online platform Carousell violated Hong Kong privacy laws, watchdog finds, after data of over 320,000 locals leaked

Office of the Privacy Commissioner for Personal Data says second-hand goods selling platform Carousell reported breach relating to 2.6 million global users in October

More than 320,000 affected locally, watchdog says, with company served enforcement notice to ensure it remedies situation and prevents its recurrence

Reading Time:3 minutes

The privacy watchdog says email addresses, phone numbers and birthdays were among the personal data leaked. Photo: Shutterstock

Published: 2:37pm, 21 Dec 2023Updated: 10:09pm, 21 Dec 2023

Popular online marketplace Carousell violated Hong Kong’s privacy laws, a watchdog said on Thursday, following the discovery of the personal data of more than 320,000 local users on sale on the dark web.

The Office of the Privacy Commissioner for Personal Data announced the findings from its investigation into the leak, which the platform reported in October last year, calling the incident “serious” given its scale.

“With regards to the information leaked, it involves email addresses, phone numbers, birthdays, birth months and years,” privacy commissioner Ada Chung Lai-ling said.

“We think this situation is serious, especially since it involves more than 320,000 users.”

Carousell discovered in October 2022 that the personal data of 2.6 million users, among which 324,232 were from the city, was being sold online. The platform told the watchdog and the affected users following the incident.