Laptops containing 3.7 million Hong Kong voters’ data stolen after chief executive election
Devices contained ID card numbers, addresses and mobile numbers
In what could be one of Hong Kong’s most significant data breaches ever, the personal information of the city’s 3.7 million voters was possibly compromised after the Registration and Electoral Office reported two laptop computers went missing at its backup venue for the chief executive election.
The devices also stored the names of the 1,200 electors on the Election Committee who selected Carrie Lam Cheng Yuet-ngor as Hong Kong’s new chief executive on Sunday.
The two computers were stolen from a room at the AsiaWorld-Expo on Lantau, which the office described as the election’s “fallback venue”.
The leadership election was held on Sunday at the Convention and Exhibition Centre in Wan Chai.
While the committee members’ full names are publicly available information, the personal data of Hong Kong’s voters could include their ID card numbers, addresses and mobile phone numbers.
The office said the computers had been put in a locked room. It reported the case to police.
In a statement, the office said there had so far been no information to indicate that the relevant data had been “leaked”. It also stressed the data had been encrypted.
Police said they received a report about the stolen computers around 4.40pm Monday. The case was being treated as theft and no arrests had been made. New Territories South regional crime unit was investigating.
A spokesman for the Office of the Privacy Commissioner for Personal Data said it had received “verbal notification” of the case from the electoral office earlier Monday.
“They stressed that the data had been encrypted,” he said. “The case involves a huge amount of personal data. The office is going to launch a probe.”
The Constitutional and Mainland Affairs Bureau said it had received a report from the electoral office that the computers were found to have been stolen around Monday afternoon.
A spokesman for the AsiaWorld Expo said it had no comment.
Election Committee member Fung Wai-wah said he was shocked to learn what had happened. “We had not been told there was a backup centre for the chief executive election,” he said.
Another committee member, lawmaker Charles Mok, said he found it “puzzling” that general voters’ data had been stored alongside that of committee members. “Perhaps they didn’t put the voters’ data in a proper place after last year’s legislative elections and then the devices were used for the chief executive election,” he added.
Last September, a computer belonging to the University of Hong Kong’s department of medicine kept at Queen Mary Hospital was stolen. It contained the personal details of some 3,675 patients.
In reply to a lawmaker enquiry last June, the bureau said during the period from June 2013 to May 2016, the privacy commissioner’s office received a total of 253 notifications of data breach incidents.
That personal data mainly included names, personal identification numbers and contact information.