Hong Kong government told by its IT office to carry out urgent cybersecurity review after leaks from 2 departments

Hong Kong government told by its IT office to carry out urgent cybersecurity review after leaks from 2 departments

The Hong Kong government has been told to carry out cybersecurity checks after reports of major data breaches in two departments over the past few days that involved the personal details of almost 130,000 people.

The Office of the Government Chief Information Officer – the government’s top information technology unit – said in a Facebook post on Sunday that it had asked all bureaus and departments to review their computer security and report back within a week.

“[We] are highly concerned about the cybersecurity incidents at government departments recently, especially involving the leaks of personal data,” the office wrote.

“Apart from providing technical support, the office has also again sent clear directives to the heads of bureaus and departments, asking them to conduct a comprehensive review of their existing cybersecurity measures.

The Companies Registry, where a major data breach sparked a call from the government’s IT experts for a review of cybersecurity across the administration. Photo: Handout

“We also reminded all users and systems under the departments that they must strictly comply with the government’s rules, policies and guidelines on data security in handling sensitive and personal information.

“In no way can the data be stored on publicly owned cloud platforms.”

The Companies Registry last Friday said personal information on about 110,000 people had been leaked because of a fault in its digital platform.

Information revealed included names, addresses, telephone numbers and email addresses, as well as identity and passport numbers.

Hong Kong government centralised cybersecurity needed, experts say

The Electrical and Mechanical Services Department a day earlier reported that information on 17,000 public housing tenants required to take coronavirus tests in 2022, including their names, phone numbers, ID numbers and addresses, had been compromised.

IT experts have appealed to the government to draw up policies to centralise cybersecurity protection for all departments and associated organisations in a bid to cut the risk of more security breaches.

The Office of the Privacy Commissioner for Personal Data announced last Thursday that the Consumer Council had breached privacy rules when personal information about more than 470 people was stolen in a cybersecurity attack last September.



Read More

Leave a Reply