Sanrio Digital admitted 3.3 million accounts had been vulnerable after a US-based IT specialist helpfully notified it. The company, which is partly owned by Sanrio, the Japanese owner of the Hello Kitty brand, said it had fixed the hole and that it believed no data had been stolen. But who knows?

This is the second data scare in as many months.

VTech, the educational toy giant, admitted last month that the confidential information of 6.4 million children and 4.9 million adults worldwide was stolen after its database was hacked.

The unencrypted data included names, passwords, secret questions and answers for password retrieval, IP addresses, postal addresses, download histories and children’s names, genders and birth dates. British police arrested a 21-year-old man last week in connection with the VTech hack.

VTech’s breach is much more serious than Sanrio Digital’s.

READ MORE: Hong Kong Hello Kitty fan site left user details exposed, but no personal data stolen, say owners

Indeed, the listed company’s corporate reputation is now on the line, as its biggest market is in the US where cybersecurity is taken very seriously by corporations there. But if these two incidents do not sound an alarm bell for companies in Hong Kong, nothing will.

Hong Kong prides itself on being a highly connected city in cyberspace. Yet, internet security awareness is low among individuals and corporations.

Witness the massive data breach at Sony Pictures in the United States last year. Several top executives had to fall on their own swords. If Hong Kong bosses care nothing about securing data for their clients, they should at least care about their jobs.

It’s the season of goodwill. Let me wish my readers and their children happy and safe surfing on the internet.