A 54-year-old mainland Chinese man was detained in Kowloon today by the Office of the Privacy Commissioner for Personal Data for allegedly leaking his ex-employer's personal details—including ID number, phone contacts, bank account, and courtroom photos—onto company chat groups in a brazen doxxing attack that violated data protection laws.
The suspect, who worked for the victim's firm from November 2023 to May 2024, had admin rights over several instant-messaging groups set up to promote the business and its affiliates.
In early March this year, someone posted two images of loan agreements naming the boss as borrower, a video of him reading the terms aloud, and five court documents listing him alongside the companies as defendants in a civil suit.
The exposed information spanned the victim's full Chinese name, Hong Kong ID, mainland and local mobile numbers, a mainland bank account, plus his visible face in the clip.
Investigators believe the disclosures stemmed from workplace grudges, though the man has been released on bail pending further inquiries.
Authorities warn that doxxing over job disputes only escalates conflicts and carries severe penalties—up to a HK$1 million fine and five years in prison upon conviction—urging the public to resolve grievances without resorting to personal data sabotage.
