Internet leak of police information was an inside job, says commissioner

PUBLISHED : Sunday, 10 December, 2006, 12:00am
UPDATED : Sunday, 10 December, 2006, 12:00am
 

Police Commissioner Dick Lee Ming-kwai said yesterday the force's preliminary investigations into a police database leak may point to one of its own.


The police chief also confirmed that the leaked data included identifying details - such as the rank and mobile phone numbers - of some 900 police officers. They were discovered on at least one public online chat site last week along with information from about 10 cases, and some training materials.


None of the cases was classified as secret, but the disclosure contravened the privacy code as well as police regulations, Mr Lee said.


Police suspect that someone on the force copied the information from its restricted internal website, where it is readily available, and posted it online. It is not believed the leak was caused by hackers.


'It is obvious that in this incident, someone intentionally took police information and posted it on the internet. This is a serious matter to us,' Mr Lee said.


'Based on preliminary findings, we don't believe our computers were hacked. We believe that someone took this information. Whoever that is must have been able to access our internal website. Usually only staff have access to this.'


The case is being investigated by the police technology crime division and the office of the Privacy Commissioner for Personal Data has been informed, he said.


Mr Lee said there were clear guidelines stipulating that the information was to be used only for investigations or training purposes.


He warned that the police would prosecute anyone found to have broken the law, and that officers who breached internal rules would be disciplined accordingly.


In the meantime, he said the police would examine internal procedures regarding the handling of such data to prevent future leaks.


The incident last week follows one of Hong Kong's largest personal data infringement cases in March, when the details of 20,000 people who lodged complaints against the police were accidentally posted on the internet.


In October, after a seven-month investigation, the privacy commission found that the Independent Police Complaints Council was to blame for the March leak.


Share

 

Send to a friend

To forward this article using your default email client (e.g. Outlook), click here.

Enter multiple addresses separated by commas(,)

For unlimited access to:

SCMP.com SCMP Tablet Edition SCMP Mobile Edition 10-year news archive