Editorial | Massive data breach at Cyberport wake-up call for Hong Kong
- Government-funded hi-tech hub has promised to improve security, but only after it was discovered that the private information of more than 13,000 people had been compromised due to weak infrastructure and failure to follow protocol
Cyberport has been ordered to clean up its online security act after shocking new details were uncovered about last year’s data breach at the government-funded technology hub.
The revelations should prod a wider reckoning and stepped up efforts to fight cybercrime.
An investigation by the Office of the Privacy Commissioner for Personal Data determined that hackers stole data of more than 13,000 staff and jobseekers. Cyberport has been ordered to make improvements and submit a report within two months.
Commissioner Ada Chung Lai-ling said investigators found Cyberport “failed to implement sufficient and effective measures” to ensure information systems security.
She said 13 Windows operating systems and two virtual servers were found to be compromised during the August breach.
Leaked data included names, ID card and passport numbers, bank details, medical reports, photos, birth dates, social media accounts and academic information. Employment data stolen related to nearly 5,300 people who no longer work for Cyberport as well as many unsuccessful applicants with some files dating back to 2016.