Data leaks show need for greater vigilance

  • Sensitive personal credit details relating to Hong Kong leader Carrie Lam and Financial Secretary Paul Chan were accessed by a local newspaper in the latest security breach
PUBLISHED : Tuesday, 04 December, 2018, 5:52pm
UPDATED : Tuesday, 04 December, 2018, 10:18pm

Despite a recent spate of serious personal data leaks, security measures still fall short of the required standards. The latest case saw the sensitive personal credit details of Chief Executive Carrie Lam Cheng Yuet-ngor and Financial Secretary Paul Chan Mo-po easily accessed by a local newspaper in what was said to be a test of the safeguards adopted by credit data agency TransUnion. The incident exposed a glaring security loophole and inadequacies in supervision by the agency.

The community is justifiably concerned after Ming Pao Daily used the publicly available information of Lam and Chan to get through the online authentication process. Thankfully, access was made with the intention of exposing the security loophole, and the newspaper has already destroyed the data it obtained. But the revelation means others may be just as vulnerable to unauthorised access, and consequences can be dire if incidents involve those with dishonest intent.

Adding to the concerns is whether the agency, a Hong Kong arm of the Chicago-based credit reporting company, is subject to the monitoring of the city’s banking regulator. It was reported that the Hong Kong Monetary Authority could only demand TransUnion to immediately suspend its online credit report services through the Hong Kong Association of Banks, and the authority had urged the local lenders involved to sign formal contracts with the agency to ensure they followed privacy rules.

TransUnion ‘a finalist’ for major fintech project amid data security row

Serving some 150 banks and financial institutions with a local database of 5.4 million people, TransUnion is the sole bureau providing credit profiles of those seeking to borrow money or apply for credit cards. That makes it legally responsible for the protection of personal data and privacy. A quick test by the city’s privacy regulator confirmed that authentication procedures pose security risks and a compliance check has been launched.

The recurrence of data leaks should prompt greater vigilance. Be it airlines, broadband companies or credit reporting agencies, the need for better online security protection applies. Review and tighten the safeguards now or you may become the next victim.