Hong Kong jewellery chain investigates claims hacker is ransoming data of 5 million customers
- Parent company of Lukfook Jewellery says it is investigating alleged incident after being told about underground forum post selling data for more than HK$190,000
- Claim is still being verified, but police and city’s privacy watchdog have been notified, company adds
A major Hong Kong-based jewellery chain is attempting to verify claims that a hacker accessed the records of 5 million customers and is seeking a ransom of more than HK$190,000 (US$24,310) in cryptocurrency.
The alleged incident is the second to come to light in the past two days, after the city’s privacy watchdog launched an investigation into the leak of more than 8,000 students’ data at a private vocational college.
Luk Fook Holdings said on Friday evening that it learned “on or about May 7” of a threatening post to an underground forum by the suspected hacker.
“The threat actor claimed to have access to the customer records of the group and invited bids for access to such records,” it said.
The business group said it was conducting an investigation with the help of a cybersecurity consultancy firm.
The post claimed that the forum user had the membership information of 5 million Lukfook Jewellery customers and planned to sell the data for 25,000 Tether coins, worth about HK$195,000.