Original Source

A privacy official announced a personal data breach affecting members and their families, attributing the hack to outdated software and inadequate security measures.

Massive Personal Data Breach Occurs

The Privacy Commissioner announced a recent personal data breach involving a significant amount of personal information of members and their families. This included names, Hong Kong ID card numbers, passport numbers, dates of birth, email addresses, contact phone numbers, and addresses. Such extensive data leakage poses serious implications for the victims and demands a thorough investigation by authorities.

Security Vulnerabilities and Inadequate Measures Identified

Investigations revealed that the cloud storage software used by the service provider was an outdated version with known security vulnerabilities. Hackers successfully exploited these weaknesses to obtain the service provider's account credentials (usernames and passwords). Furthermore, the system remained in a logged-in state for extended periods, lacked additional identity verification measures, and both the firewall and antivirus software were outdated, failing to accurately detect and prevent hacker activities.

*Source: YouTube: RTHK (2026-04-23)*

Related Articles