My Take

Have yourself a merry little holiday of safe surfing

Two recent online data breaches should sound alarm bells for companies in Hong Kong

PUBLISHED : Thursday, 24 December, 2015, 1:14am
UPDATED : Friday, 04 March, 2016, 2:59pm

It’s a good thing my wife is partial to My Melody, the also-ran bunny friend of Japan’s megastar Hello Kitty.

More than three million accounts of Hello Kitty fans, many from Hong Kong, were left vulnerable to cybertheft by hackers, after Hong Kong-based Sanrio Digital inadvertently left a back door open to its data network for nearly a month.

READ MORE: Hello Kitty hack threat eyed in Privacy Commissioner probe

Imagine if my wife had registered on the site. Hackers could have learned all about the names, ages and gender of our family members, including those of our cats and dogs. Note to wife: have you joined any My Melody fan club on the web?

Sanrio Digital admitted 3.3 million accounts had been vulnerable after a US-based IT specialist helpfully notified it. The company, which is partly owned by Sanrio, the Japanese owner of the Hello Kitty brand, said it had fixed the hole and that it believed no data had been stolen. But who knows?

This is the second data scare in as many months.

VTech, the educational toy giant, admitted last month that the confidential information of 6.4 million children and 4.9 million adults worldwide was stolen after its database was hacked.

The unencrypted data included names, passwords, secret questions and answers for password retrieval, IP addresses, postal addresses, download histories and children’s names, genders and birth dates. British police arrested a 21-year-old man last week in connection with the VTech hack.

VTech’s breach is much more serious than Sanrio Digital’s.

READ MORE: Hong Kong Hello Kitty fan site left user details exposed, but no personal data stolen, say owners

Indeed, the listed company’s corporate reputation is now on the line, as its biggest market is in the US where cybersecurity is taken very seriously by corporations there. But if these two incidents do not sound an alarm bell for companies in Hong Kong, nothing will.

Hong Kong prides itself on being a highly connected city in cyberspace. Yet, internet security awareness is low among individuals and corporations.

Witness the massive data breach at Sony Pictures in the United States last year. Several top executives had to fall on their own swords. If Hong Kong bosses care nothing about securing data for their clients, they should at least care about their jobs.

It’s the season of goodwill. Let me wish my readers and their children happy and safe surfing on the internet.