Date: 11 February 2022
Privacy Commissioner Commenced Investigation into a Data Breach Incident Involving a Local Hotel Group
The Office of the Privacy Commissioner for Personal Data (PCPD) has recently received a data breach notification from Harbour Plaza Hotel Management Limited (Harbour Plaza), reporting that some of its hotels’ accommodation reservation databases suffered from a cybersecurity attack. On 9 February, the PCPD was informed that the personal data of approximately 1.2 million customers were affected. Having considered the nature of the incident and the significant number of data subjects involved,
the PCPD commenced an investigation into the incident today (11 February) to request Harbour Plaza to provide more information in relation to the incident, including the details of the incident and the types of personal data involved.
The Privacy Commissioner for Personal Data, Ms Ada CHUNG Lai-ling, appeals to citizens who have previously stayed in, and provided their personal data to, the hotels of Harbour Plaza to be vigilant about potential theft of their personal data. If they are in doubt about whether their personal data have been leaked, they may make enquiries with Harbour Plaza via its dedicated website (https://info.harbour-plaza.com) and call centre (+852 3908 0740), or make enquiries/complaints to the PCPD (telephone: 2827 2827 or email: communications@pcpd.org.hk). To protect personal data privacy, affected citizens are also advised to take the following measures: -
-
Change the passwords of the relevant accounts and enable the two-factor authentication function (if available);
-
Stay vigilant when they receive any suspicious calls, text messages or emails from unknown sources;
-
Be vigilant against phishing or other possible scams;
-
Review their payment card statements to spot any unauthorised transactions; and
-
Beware of any unusual logins of any registered accounts and personal emails.
In addition, in relation to the media reports on the abnormal and suspicious activities on the computer system of HKTVmall (operated by Hong Kong Technology Venture Company Limited) discovered on 26 January which led to unauthorised access to a small portion of the customers’ data of HKTVmall, the PCPD is presently following up the matter with the company, including ascertaining the number of Hong Kong customers affected.