Oxfam Hong Kong data leak: watchdog rules charity violated privacy law

Published: 4:25pm, 23 Jan 2025 | Updated: 4:28pm, 23 Jan 2025

The local arm of international charity Oxfam violated the data protection law following a leak in July that potentially affected 550,000 people, Hong Kong’s privacy watchdog ruled in an investigation report on Thursday.

The Office of the Privacy Commissioner for Personal Data also revealed a nearly 30 per cent year-on-year increase in breach notifications last year and a 42 per cent year-on-year decrease in doxxing cases over the same period.

“The Privacy Commissioner considered that Oxfam had not taken all practicable steps to ensure that the personal data involved was protected against unauthorised or accidental access, processing, erasure, loss or use,” the commissioner Ada Chung Lai-ling said in the investigation report about the July leak last year.

The report said that Oxfam Hong Kong had contravened Data Protection Principle (DPP) 4(1) of the Personal Data (Privacy) Ordinance, which concerns the security of personal data.

“The threat actor deployed ‘DarkHack’ ransomware in Oxfam’s information systems, resulting in file encryption and data exfiltration. A total of 37 servers and 24 workstations or notebook computers belonging to Oxfam were compromised,” she added.

Chung said she had served an enforcement notice on Oxfam, directing it to take measures to remedy the contravention and prevent recurrence of similar contraventions in the future.

  
