The privacy watchdog has ruled that the Yau Yat Chuen Garden City Club failed to take all practicable steps to protect personal data following a major data breach that involved the information of 9,045 individuals last October.
The breach occurred when ransomware encrypted the club's management system files, making the system inaccessible.
According to a report released Thursday by the Office of the Privacy Commissioner for Personal Data (PCPD), the compromised data included members’ full names, HKID or passport numbers, dates of birth, email addresses, contact numbers, and residential addresses.
Privacy Commissioner Ada Chung Lai-ling expressed disappointment over the club’s security lapses. The PCPD has issued an enforcement notice requiring the club to take urgent remedial actions to address non-compliance and prevent future breaches.
Chung explained that the deficiencies in the incident stemmed from the club’s lack of appropriate organizational measures for information security. These included using outdated remote access software with known security vulnerabilities and failing to implement multi-factor authentication for remote server access.
Furthermore, the club used obsolete antivirus software and firewalls, and retained personal data for an excessive period—specifically keeping the records of over 800 former members and more than 3,000 supplementary cardholders for more than seven years.
Chung urged organizations to adopt proactive strategies, regularly review the effectiveness of their information system security measures, and allocate sufficient resources to protect personal data.
Meanwhile, the PCPD shared practical tips for parents and teachers, urging them to monitor children’s online activity, use parental control tools, tighten app and platform privacy settings to “restricted access”, and remind children using AI chatbots not to share personal information.
The office cautioned parents against oversharing children’s personal data when posting updates online, urging them to prioritize the child’s best interests and respect their wishes before sharing such content.