Hong Kong Cyberport data breach last year affected 13,632 staff and jobseekers, privacy watchdog says, slamming cybersecurity oversights
- Privacy commissioner’s investigation finds personal data such as ID card and passport numbers of more than 13,000 people stolen in Cyberport breach
- Hackers struck in August last year, with technology hub only revealing breach in September after cybersecurity platform raised alarm
The Office of the Privacy Commissioner for Personal Data said on Tuesday that it sent an enforcement notice to the government-funded technology hub last week, demanding it carry out a list of improvements and submit a report within two months.
“[The] investigation revealed that Cyberport had failed to implement sufficient and effective measures to ensure the security of its information systems and security,” privacy commissioner Ada Chung Lai-ling said.
The privacy watchdog’s investigation looked into the Cyberport data breach, which occurred in August last year.
The investigation found the breach involved the personal data of 13,632 people, 8,000 of whom had employment ties with the company, including 5,292 unsuccessful applicants and former employees. Others were managerial staff, interns and business partners.
The personal data stolen included names, as well as ID card and passport numbers, while some victims had their financial information such as bank account numbers, medical reports, photos, birth dates, social media accounts and academic information leaked.
Thirteen Windows systems and two virtual servers were compromised.