A leading jewellery chain in Hong Kong has said it was reaching out to about 1,800 local customers after their records “with partial details” appeared for sale on the dark web.
Luk Fook Holdings, which owns Lukfook Jewellery, confirmed the leak in a stock exchange filing on Friday, more than a month after the files were listed online for sale under the name “Hong Kong Golden Luk Fook Database” for 25,000 Tether coins, worth about HK$195,000.
A check by the Post found that a user on BreachForum was offering information of 5 million “VIP users” and “tens of millions of ordinary users” of Lukfook Jewellery for the same number of Tether coins. The user claimed a “sample” was available upon request.
“Upon investigation, it has been confirmed that attempts of unauthorised access to the group’s database had occurred,” the company said. “However, only about 1,800 Hong Kong customer records with partial details were observed to be extracted from the group’s database. The investigation has not been able to verify the completeness or validity of these records extracted from the company’s database.”
The company said possibly affected customers were being alerted of the potential exposure of their personal information.
The company first said on May 10 it had spotted a thread on an underground forum that invited bids for its customer data “on or about” May 7. It has since engaged a cybersecurity consultancy firm to investigate the leak.
The Friday statement did not explain how the breach took place, claiming that “at all material times, the impacted server was protected by network firewalls and endpoint detection and response solutions against network-based and host-based threats”.
The company added it has disconnected the affected server from the network and performed a full malware scan. It had also conducted periodic monitoring and put in place additional security measures to prevent a recurrence of such attacks.
Police have previously said they are investigating the case.
Lukfook Jewellery has 66 shops in Hong Kong and Macau, as well as more than 3,200 outlets in mainland China, according to the group’s interim report for the 2023-24 financial year.
