Read More
Privacy Commissioner Ada Chung Lai-ling has sought to reassure the public that there is no current evidence of actual loss or financial damage following a significant data breach on the Canvas learning platform.
ADVERTISEMENT
SCROLL TO CONTINUE WITH CONTENT
Despite the lack of immediate casualties, the scale of the incident remains substantial, with seven Hong Kong institutions officially reporting leaks that have exposed the personal information of over 72,000 individuals.
The compromised data spans sensitive categories including names, email addresses, usernames, and student identification numbers, as well as specific academic and departmental records stored within the system.
In a recent interview on *a* radio program, the commissioner explained that her office is actively working with the affected organizations to clarify the exact scope of the fallout.
She noted that the platform suffered two separate hacking incidents, and the parent company is expected to continue its internal investigation for several more weeks.
While actual losses have not yet been identified, the Commissioner advised any institutions still operating on the platform to carry out a comprehensive security overhaul and suggested that sensitive data previously uploaded to the system should be deleted as a precaution.
The commissioner also raised concerns regarding reports that the platform's parent company may have reached an agreement with the hackers to facilitate the return of the stolen data.
She firmly condemned the practice of paying ransoms, highlighting that such deals involve illegal actors and provide no guarantee that the data won't be misused or that additional copies don't exist.
Furthermore, she warned that complying with these demands could set a dangerous precedent, potentially attracting more cybercriminals to target similar organizations.
Beyond the educational platform breach, the Commissioner touched upon recent changes to Instagram's security features.
She expressed concern that the social media platform stopped supporting end-to-end encryption for its messaging services earlier this month, a move that makes private communications more susceptible to third-party interception.
For users concerned about these changes, she recommended backing up important message threads and deleting them from the app to maintain better control over their personal privacy.
