Kee Wah Bakery hit by ransomware attack; customer and staff data compromised

Kee Wah Bakery announced on Tuesday that its internal network system was hit by a malicious ransomware attack last week, potentially exposing the personal data of its employees, business partners, online customers, and loyalty program members.

The well-known local bakery chain discovered on Friday that its network system was failing to operate normally and subsequently received a ransom note.

In response, the company immediately engaged cybersecurity experts to implement emergency measures, which included blocking further intrusion, securing the system, performing maintenance, and launching an investigation into the breach.

While the affected database contains sensitive personal and corporate records, Kee Wah Bakery is still investigating and verifying the full extent of the incident.

It has not yet confirmed whether the data was successfully extracted by unauthorized parties or exactly what information was accessed.

However, taking a cautious approach, the company has begun proactively contacting individuals who might be affected, urging them to remain vigilant against potential security risks.

The company assured the public that customers' payment and credit card details were not affected by the incident, and emphasized that all of its retail outlets across Hong Kong continue to operate as normal.

Following the discovery, the bakery reported the incident to the Office of the Privacy Commissioner for Personal Data on Sunday and filed a formal report with the police.

The company pledged to cooperate fully with law enforcement and regulatory investigations, while apologizing to its staff, partners, and customers for the anxiety and inconvenience caused.

Kee Wah Bakery has committed to conducting a comprehensive review of its network security and upgrading its defenses based on professional recommendations.

𝗗𝗼𝘄𝗻𝗹𝗼𝗮𝗱 𝗧𝗵𝗲 𝗦𝘁𝗮𝗻𝗱𝗮𝗿𝗱 𝗔𝗽𝗽 ↓