Cyber criminals have targeted both companies and individuals in Hong Kong
Cyber criminals are fixed on Hong Kong. According to Hong Kong’s Office of the Privacy Commissioner for Personal Data (PCPD), there were 98 breach incidents (including hacking) affecting 871,000 Hong Kong individuals in 2015. This compares to 70 incidents affecting just 47,000 individuals from the previous year. The number of individuals affected last year is an 18 fold increase on 2014.
Just late last year, PCPD announced that it has commenced an investigation on a data breach incident of VTech Holdings Limited (VTech), a Hong Kong based-supplier of children’s learning products. About five million customer accounts, including the profiles of more than 200,000 children, were hacked from VTech’s Learning Lodge app store database on 14 November 2015. Personal data breached includes customers’ names, email addresses, passwords, download history, as well the names, gender and birth dates of children who use the Learning Lodge site to download apps, games and electronic books. VTech discovered the breach on 24 November 2015.
Under Hong Kong law, if there is a non-compliance with data protection principles in the Personal Data (Privacy) Ordinance (PDPO), including potentially the failure to properly secure personal data, the PCPD may serve an enforcement notice to direct the data user to remedy the contravention and avoid re-occurrence of data breach.
HK Financial service institutions have all been targets for cyber criminals, and the financial service industry in Hong Kong are now actively increasing their spend on fortifying their security infrastructure. A reality for any company in any industry sector is that just having anti-virus software is not enough to protect digital information.
The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) said extortion – through distributed denial of service attacks, breaches of personal data from mobile devices and theft of credit card details from retail card payment terminals – was among the major threats facing the public this year.
Leung Siu-cheong, a senior consultant at the centre, said attackers sought to reap benefits from data loss and service disruption, including financial losses.
“If you have data leakage, maybe you will have legal liability because you lose customer data,” Leung said. “The result of all of these attacks will be reputational damage.”
The Hong Kong Monetary Authority confirmed that cyber criminals are using both sophisticated and commonplace means to breach financial institutions’ firewalls with increasing regularity.
Information provided to the HKMA by banks operating in the Territory indicate there were at least 17 reported cases related to distributed Denial of Service (DDoS) attempts in 2015. Among those breached were the Hong Kong unit of Malaysia’s Public Bank and Hong Kong wealth manager Kowloon Global.
More Here [CWHK]