Lowrys Farm owner, My Jewelry slammed as 138,000 Hongkongers hit in data leaks

Hong Kong’s privacy watchdog has ruled that three retail firms, including a branch of a Japanese multinational company that owns fashion brands Lowrys Farm and “Niko and…”, violated data protection rules in two cybersecurity breaches that compromised the private information of more than 138,000 people.

Privacy Commissioner for Personal Data Ada Chung Lai-ling said on Thursday that investigations by her office discovered that Japanese retailer Adastria had failed to activate any security measures provided by its software supplier and uncovered a lack of cybersecurity protection and audits by local firm Kwong’s Art Jewellery and its retail subsidiary, My Jewelry.

“In the face of escalating cybersecurity threats, organisations should recognise that the personal data in their possession is a valuable asset and allocate sufficient resources to cybersecurity and data security to safeguard the personal data in their possession,” she said.

Chung’s office released reports on Thursday on two data breaches flagged by the three businesses last November.

The watchdog said that all three companies had failed to take all practicable steps to protect the stored personal data against unauthorised or accidental access, processing, erasure, loss or use.

The leak at Kwong’s Art Jewellery and My Jewelry affected more than 75,000 customers and about 4,400 former and current employees. The breach at Adastria impacted around 59,205 local customers.