Be vigilant, hackers never take a holiday
The case of cybercriminals who stole the database of a Hong Kong travel company shows they are shifting away from more conventional targets
Technology has made every aspect of living more convenient, but it has also made us more vulnerable to criminals. This is not helped when sensitive data such as personal and credit card details are too easily given away. The consequence can be serious when they are not handled with due care. The outcry over the hacking of the database of Worldwide Package Travel Service is a wake-up call for all those who possess customer data. The scale of the problem began to unfold when the listed company gave a belated account of the situation. As many as 200,000 customers had their personal data stolen, including the credit card details of 10 per cent of those. Management refused to pay a seven-digit ransom and reported the case to the police, who later successfully unlocked the database.
Few would expect a travel agency to be the target of hackers. It shows that all are vulnerable when it comes to cyberattacks and, as with all data users, the tour company has the responsibility to protect information it is entrusted with. The hacker, instead of using ransomware such as WannaCry that wreaked havoc worldwide in May, was said to have broken into the system and seized control. Management said system security was regularly updated and had been inspected by a third-party contractor earlier this year. But it proved inadequate.
The Computer Emergency Response Team Coordination Centre of the Productivity Council reported 309 incidents involving ransomware last year. Another 140 cases were recorded in the first six months of this year, 40 of which involved WannaCry. But a cybersecurity company painted a grimmer picture, with a survey showing more than 60 per cent of small and medium-sized businesses have experienced a cybersecurity breach in the past three years, making the city the second most vulnerable in Asia-Pacific.
As the world becomes more connected, the need for vigilance has never been higher. With nearly everything being done online these days, hackers are shifting away from conventional targets such as the finance sector to firms with less stringent data security. The incident is a reminder that cybersecurity cannot be taken for granted.