Source:
https://scmp.com/comment/insight-opinion/article/1894442/have-yourself-merry-little-holiday-safe-surfing
Opinion/ Comment

Have yourself a merry little holiday of safe surfing

Two recent online data breaches should sound alarm bells for companies in Hong Kong

Alex Lo
Alex Lo

Updated: 2:59pm, 4 Mar, 2016

Why you can trust SCMP
FILE - In this July 24, 2014 file photo, a model dressing as Japanese character Hello Kitty, right, along with Hong Kong actresses Priscilla Wong, left, and Celine Yeung, second from left, pose with a new figure of Hello Kitty unveiled at the Madame Tussauds in Hong Kong, to mark the 40th anniversary of the birth of the popular Sanrio character. The Japanese company that owns the Hello Kitty brand said it has fixed a security leak in an online fan site for the famous character that compromised the personal information of 3.3 million users. Sanrio Co.’s digital arm said Tuesday, Dec. 22, 2015, that it “corrected” a security vulnerability on the SanrioTown.com website and was carrying out an investigation. The leak was discovered Saturday, Dec. 19, by a security researcher. (AP Photo/Kin Cheung, File)

It’s a good thing my wife is partial to My Melody, the also-ran bunny friend of Japan’s megastar Hello Kitty.

More than three million accounts of Hello Kitty fans, many from Hong Kong, were left vulnerable to cybertheft by hackers, after Hong Kong-based Sanrio Digital inadvertently left a back door open to its data network for nearly a month.

Imagine if my wife had registered on the site. Hackers could have learned all about the names, ages and gender of our family members, including those of our cats and dogs. Note to wife: have you joined any My Melody fan club on the web?

Sanrio Digital admitted 3.3 million accounts had been vulnerable after a US-based IT specialist helpfully notified it. The company, which is partly owned by Sanrio, the Japanese owner of the Hello Kitty brand, said it had fixed the hole and that it believed no data had been stolen. But who knows?

This is the second data scare in as many months.

VTech, the educational toy giant, admitted last month that the confidential information of 6.4 million children and 4.9 million adults worldwide was stolen after its database was hacked.

The unencrypted data included names, passwords, secret questions and answers for password retrieval, IP addresses, postal addresses, download histories and children’s names, genders and birth dates. British police arrested a 21-year-old man last week in connection with the VTech hack.

VTech’s breach is much more serious than Sanrio Digital’s.

Indeed, the listed company’s corporate reputation is now on the line, as its biggest market is in the US where cybersecurity is taken very seriously by corporations there. But if these two incidents do not sound an alarm bell for companies in Hong Kong, nothing will.

Hong Kong prides itself on being a highly connected city in cyberspace. Yet, internet security awareness is low among individuals and corporations.

Witness the massive data breach at Sony Pictures in the United States last year. Several top executives had to fall on their own swords. If Hong Kong bosses care nothing about securing data for their clients, they should at least care about their jobs.

It’s the season of goodwill. Let me wish my readers and their children happy and safe surfing on the internet.