Published: 6:35pm, 21 Aug 2025Updated: 6:38pm, 21 Aug 2025
Hong Kong’s privacy watchdog has ruled that three retailers, including the local branch of a Japanese multinational company that owns fashion brands Lowrys Farm and “Niko and…”, have violated data protection rules in two cybersecurity breaches that compromised the private information of more than 138,000 people.
Advertisement
Privacy Commissioner for Personal Data Ada Chung Lai-ling said investigations by her office discovered that Adastria had failed to activate any security measures provided by its software supplier and uncovered a lack of cybersecurity protection and audits by the local retailer Kwong’s Art Jewellery and its subsidiary, My Jewelry.
“In the face of escalating cybersecurity threats, organisations should recognise that the personal data in their possession is a valuable asset and allocate sufficient resources to cybersecurity and data security to safeguard the personal data in their possession,” she said.
On Thursday, Chung’s office published reports on two data breaches flagged by the three businesses last November.
The watchdog said that all three companies had failed to take all practicable steps to protect the stored personal data against unauthorised or accidental access, processing, erasure, loss or use.
Advertisement
The leak at Art Jewellery and My Jewelry affected more than 75,000 customers and about 4,400 former and current employees. The breach at Adastria impacted around 59,205 local customers.