Leak reveals officers' nicknames, operational procedures and victims' personal data Documents detailing police undercover operations have been uploaded to the Web, it was revealed yesterday in the latest data leak incident. At least nine copies of allegedly classified documents, including investigation reports and information report forms, were discovered through a file-sharing programme called Foxy - the same software through which a rookie immigration officer leaked 29 files earlier this month. The documents have been accessible on Foxy since Friday. A police spokesman declined last night to confirm whether the files were genuine. The technology crime division of the commercial crime bureau would follow up the incident, he said. A spokeswoman for the Office of the Privacy Commissioner said the watchdog was very concerned about the incident and would contact the police for further information. One of the leaked files, believed to be a written report of a constable who had gone undercover to buy illegal drugs in a disco in January last year, discloses three agents' nicknames and operational procedures. An investigation report of a stolen goods case also records personal information, such as the name and identity card number of the victim and the caller. Lawmaker Lau Kong-wah, chairman of the Legislative Council's security panel, said the incident was very serious and called on the Security Bureau to step in and issue security guidelines for all the disciplined forces. 'At this moment, not only the public, but the police officers themselves are very worried,' Mr Lau said. Police had to stop the circulation of such documents immediately, he said, and the force had to raise officers' awareness of security issues. Hong Kong Police Inspectors' Association chairman Tony Liu Kit-ming said the files appeared to be police documents and the leak could be the result of officers taking work home. 'It is common for frontline officers to write their reports at home and it poses risks to security,' he said. 'But they have too many things to be finished and working at home is the only way.' The undercover operation described in the documents could have been a short-term one and the agents involved had probably been transferred to other cases and the leak would no longer constitute a risk to their safety, he said. Roy Ko Wai-tak, manager of the government-backed Hong Kong Computer Emergency Response Team Co-ordination Centre, said the public should be aware of the use of file-sharing software. Most users overlooked risks when sharing files with others, which might contribute to repeated leaks, he said. Double security systems should be added to both home computers and organisations' networks. 'In addition to installing the anti-virus software on the home computer, a protected network, such as Virtual Private Network (VPN), should be installed when allowing employees to access an intranet,' he said. But Internet Society Hong Kong chairman Charles Mok said such leaking accidents could not be avoided unless organisations stopped employees taking documents outside the office, because it was difficult to monitor the security system of the staff member's home computer. He also said members of the public should stop using file-sharing programmes. 'Downloading files through such software could introduce a Trojan, a computer worm, which leads to further information leakage,' he said. Legco's security panel will meet on Friday to discuss the data leaks.