Fimmick ransomware attack puts over 35,000 people's data at risk

Over 35,000 people’s personal data are at risk after digital marketing agency Fimmick had its computer system attacked by ransomware in September.

The Office of the Privacy Commissioner for Personal Data confirmed on Thursday that L’Oreal Hong Kong customers had their personal data leaked, including their name, telephone number, email address, residential address, month of birth, Facebook name, and Facebook email address.

Nine companies are still investigating if their customers are affected. They include Fimmick's corporate clients McDonalds, Coca-Cola China, Bupa (Asia) Limited, Europe Group Holdings, Green Square Marketing, Mentholatum (Asia Pacific), Nestle Hong Kong, Reckitt Benckiser Hong Kong, and Mead Johnson Nutrition (Hong Kong).

The office received data breach notifications from Fimmick in October, which involved the leakage of some of the personal data processed by the agency.

The Privacy Commissioner for Personal Data, Ada Chung Lai-ling, appealed to citizens who have provided personal data to the above companies, including those who have become their fan club members or made online purchases with them, to be vigilant about the potential theft of their personal data.

“If they are in doubt about whether their personal data have been leaked, they may make enquiries with the companies concerned or make enquiries or complaints to the Office,” she added.