Published: 4:14pm, 7 Jul 2025Updated: 5:00pm, 7 Jul 2025
HK Express, the budget carrier of Hong Kong’s Cathay Pacific Airways, mistakenly directed a customer to log into another’s account due to a “scripting error”, enabling him to access the other person’s personal information including birth date, according to investigations by the privacy watchdog.
Advertisement
That case and seven others revealed on Monday by the Office of the Privacy Commissioner for Personal Data included one involving CJ Plus Insurance, which sent documents printed on recycled paper that contained résumés and copies of Hong Kong identity cards.
“In the digital age, organisations have generally strengthened their awareness and capability in protecting personal data,” Privacy Commissioner Ada Chung Lai-ling said.
“While most [of the eight] cases affected relatively few individuals, these incidents serve as a reminder to the public that information security risks can arise from any work process.”
Chung said all eight incidents – including one concerning the government’s Transport Department – involved negligence in following established procedures to prevent data leaks.
Advertisement
They were found to have contravened the requirements under the Personal Data (Privacy) Ordinance, such as by using personal data for a new purpose and not taking sufficient practical steps to prevent a data leak, the office said.