Details of 600 insurance holders found on Google
Records relate to policies bought from ING Life
More evidence emerged yesterday of security breaches making personal particulars available on the internet, as police chiefs scrambled to plug a loophole that allowed private details of complainants against the police to be leaked.
A South China Morning Post search found details of about 600 insurance policyholders freely available in the archives of the Google search engine, although the original file and website had been removed.
Meanwhile, telecommunications company CSL apologised for having leaked the personal records of some of its customers, which were also still available yesterday in the Google cache.
The Post found a database containing records of customers who bought insurance from ING Life between 1984 and 2004. It contained data on the type and amount of coverage bought, and beneficiaries' names, phone numbers, dates of birth and addresses.
The data was found in Google's cache in a search for database files.
Neither the original file nor the website on which it was posted, chings.no-ip.com, were still active. The search engine showed the information in the cache was retrieved on June 24 last year.
ING Life spokeswoman Carolyn Chung said she believed the records were leaked accidentally by an insurance agent.
'The agent took the file home to his personal computer. We believe his computer was hacked when he went online and that was how the file was leaked.'
Ms Chung said the company learned of the incident yesterday through the agent, after a client contacted the agent about the leaked information. She said the company was investigating the matter and had contacted Google to ask that the data be removed.
'This is a very serious problem, although we do believe that it was an isolated case,' Ms Chung said, adding that concerned customers could call the company's 24-hour hotline.
One of the clients, Patrick Yip Chi-wai, said he was a former assistant manager at ING Life and had trained insurance agents before leaving the company in 2003.
'We had a section that dealt with the personal data ordinance and did teach our agents to be careful with clients' data,' Mr Yip said.
He said he was concerned but not shocked to learn of the leak, as ING had many agents. 'So far there's no proof any harm has been done or that I've suffered any loss.'
Insurance sector legislator Bernard Charnwut Chan said stricter guidelines and better enforcement were needed.
'I'm sure the agent did not intend the information to be leaked but this could serve as a very good lesson to the whole industry.'
The Office of the Privacy Commissioner said it was not aware of the case but would investigate.
CSL said the data on its customers had been leaked by 'manual mishandling [by] our service provider during the process of customer information arrangements'.
It said it had contacted search engines to remove the relevant webpages. Last night, however, the information could still be accessed through Google's cache.
The cases have come to light since the Post reported on Friday that the data of about 20,000 people who filed complaints against police was available on the internet.