‘Small portion’ of customer data accessed without authorisation in security breach at Hong Kong online shopping platform

A security breach at one of Hong Kong’s largest online shopping platforms last month led to the unauthorised access of customer information such as delivery addresses, recipient names and contact numbers.

Hong Kong Technology Venture Company Limited (HKTV), HKTVmall’s parent company, said on Friday it had detected “abnormal and suspicious activities” in its computer systems on January 26 as servers located in other Asian regions gained unauthorised access to customer information on its delivery platform.

“A small portion of the 4.38 million registered customer information at HKTVmall was accessed,” it wrote in a statement.

“HKTV has immediately contained the event and conducted a thorough investigation. It has since engaged one international and one local leading cybersecurity firm on January 27, 2022 to conduct investigation, and to further enhance HKTVmall’s robust network and system security measures in addition to the current 24-hour network security monitoring.”

It added that there was no evidence of financial loss or misuse of customer data, while credit card information and order details were untouched.

HKTVmall is one of the city’s most popular online retailers. In January, it handled nearly HK$700 million (US$89.9 million) worth of purchases, processing a daily average of about 47,400 orders.

Based on its investigation, it concluded that the affected customer information might include names of account holders, encrypted and masked login passwords, email addresses, recipients’ names, delivery addresses and contact numbers for orders placed between December 2014 and September 2018.

The date of birth, recipients’ names and email addresses for HKTVmall accounts linked to Facebook accounts and Apple ID might also have been accessed.