Chan Kwok-ki, chief secretary for administration of the Hong Kong Special Administrative Region (HKSAR) government, speaks at the opening ceremony of an international symposium on cyber policing in south China's Hong Kong, Sept 13, 2023. (PHOTO / XINHUA)
The Hong Kong Consumer Council on Friday confirmed that hackers breached its computer system for seven hours on Wednesday, and demanded a US$500,000 ransom.
Approximately 80 percent of the system was compromised, involving employee and customer data, as well as various internal records. This is the second such attack in recent weeks following a similar hack at Cyberport.
The council also acknowledged that it is quite difficult to trace the leaked data for the time being, and it may only be known which data has been leaked when the attacker disclose it online
At a Friday press conference, Clement Chan Kam-wing, chairman of the Consumer Council, said that the stolen data is believed to encompass employee records, including current and former staff, as well as family members and applicants for vacant positions. This sensitive information comprises personal details such as identification card data, addresses, dates of birth, and employment history.
READ MORE: Cybersecurity summit: HK sees growing threats
Chan said approximately 8,000 subscribers to the Consumer Council's monthly magazine have been affected, with credit card information potentially compromised. Additionally, data pertaining to complainants and partner companies, including contact details such as addresses, phone numbers, and email addresses, may have also been exposed.
The council also acknowledged that it is quite difficult to trace the leaked data for the time being, and it may only be known which data has been leaked when the attacker disclose it online.
The council was faced with a demand to pay a ransom of US$500,000 before 11:20 pm on Saturday. If the payment is delayed, the ransom will increase to US$700,000, the hackers said. The council emphasized that they will not pay the ransom and apologized for any inconvenience caused to the public .
The council said they are currently conducting an extensive investigation to determine the extent of potential personal data leaks, and they are set to reach out to potentially affected individuals in the coming days. The incident has been reported to the police, and the council has also filed a record with the Office of the Privacy Commissioner for Personal Data.
Chan expressed his concern over the inability to identify the hackers' organization or their location. He said it remains uncertain whether this recent attack bears any resemblance to the data leak incident at Hong Kong's Cyberport tech hub.
READ MORE: EasyJet says hackers accessed data of 9 million customers
Chan emphasized that the Consumer Council had promptly heightened its vigilance and reviewed system security measures following the Cyberport breach. However, he said that despite the efforts, the organization still fell victim to such online attack, highlighting the ever-evolving techniques employed by cyber criminals.
The Cyberport tech hub experienced a similar cyber attack in mid-August, which caused leakage of sensitive information such as personal data and credit card details of current staff, former employees, and job applicants.
Last week, Secretary for Innovation, Technology and Industry Sun Dong called upon the management of the Cyberport and government departments to enhance security measures to avoid any future occurrences of such criminal activities.
