A cyber attack targeting Hongkong Post may have resulted in the unauthorized disclosure of the names, addresses, and phone numbers of senders and recipients using the EC-Ship service. The extent of the impact on affected individuals has yet to be determined.
Hongkong Post announced late on Monday (Jul 21) that the incident involved "a robotic access to information of the address books of account holders of EC-Ship". In addition to names and addresses, fax numbers and email addresses of both account holders and recipients may have also been compromised.
Hongkong Post said it has taken immediate measures to block the unauthorized access and reported the case to the Police, the Digital Policy Office (DPO), the Office of the Privacy Commissioner for Personal Data and the Security Bureau respectively on the same day.
The EC-Ship service has since resumed normal operations, it added.
The investigation is ongoing to determine the number of affected account holders and to verify whether personal data has been leaked. Affected individuals will be notified as further information becomes available.
Hongkong Post reiterates that it will not send embedded hyperlinks via emails, SMS messages or social media pages for collecting personal information or requesting for payment.
