Date: 7 September 2023
Response to media enquiry on the Data Breach Incident of Cyberport
Thank you for your enquiry. Our response to your enquiry is as follows:
Enquiry:
“I am writing to enquire about PCPD’s response to the reported cyberattack on Cyberport involving more than 400GB of organisational data and the blackmailing attempt for US$300,000.
-
I would like to ask if the commissioner had received any notification from Cyberport regarding the hacking case?
-
After the reported attack, what has been done by Cyberport or the commissioner to stop further leakage of such data.
-
Is there any follow-up actions the commissioner is able to reveal now to resolve this issue?”
Answers (Questions 1-3):
-
The Office of the Privacy Commissioner for Personal Data (PCPD) received a data breach notification from the relevant organisation regarding the incident on 18 August 2023 and has commenced a compliance check into the incident in accordance with established procedures. The PCPD has advised the relevant organisation to notify the affected data subjects as soon as possible.
-
The PCPD appeals to the affected data subjects to be vigilant about potential theft of their personal data. If they are in doubt about whether their personal data have been leaked, they may make enquiries with the relevant organisation or the PCPD (telephone: 2827 2827 or email: communications@pcpd.org.hk). To protect personal data privacy, affected data subjects are also advised to take the following measures:
- Consider changing the passwords of online accounts and activate the two-factor authentication feature (if available);
- Beware of any unusual logins of personal emails;
- Stay vigilant when they receive any suspicious calls, text messages or emails from unknown sources, do not open the attachment or disclose their personal data arbitrarily; and
- Be vigilant against phishing or other possible scams.