Read More
Night Recap - July 17, 2026
9 hours ago
Police launch anti-burglary operation in Tseung Kwan O and Sai Kung
16-07-2026 03:17 HKT
Taobao-backed PapaHome to launch massive lifestyle flagship in Causeway Bay
16-07-2026 19:12 HKT
Cyberhackers attacked the Consumer Council's server and demanded a six-digit ransom for the personal data of a large number of complainants and subscribers of its Choice magazine, according to sources. The council has reported to police.
This is the second hacking incident within a month.
International hacker Trigona attacked Cyberport and demanded a ransom of US$300,000 (HK$2.34 million) for some 400 gigabytes of data that included HKID card numbers, bank statements and resumes. The data was released on the dark web when no ransom was paid.
The consumer watchdog said it will explain the incident in a press conference today.
On its website, it said it experienced a system disruption on Wednesday morning.
"Some of the council's services were affected, including complaints and inquiry hotlines, subscription hotline, online price watch and oil price watch," it said.
The council added that related services were gradually recovering.
Computer security researcher Anthony Lai Cheuk-tung said that as of 5.30pm yesterday, there had been no sale of the leaked information on the dark web.
He said the council should respond as soon as possible to explain the incident to the public.
"It is unknown the exact time the council was hacked and what has been stolen, but they should inform the affected people on the first day of the incident," Lai said.
He also wondered why many organizations do not conduct regular penetration tests for their systems as per government guidelines.
"They should not take the Cyberport incident as an individual case. They need to check whether they have similar loopholes, otherwise they will be hacked and suffer losses."
The Privacy Commissioner for Personal Data said it has started investigation upon receiving the council's notification, and suggested the council inform affected persons.
It also appealed to affected people to be vigilant about potential theft of their personal data.
"If they are in doubt about whether their personal data have been leaked, they may make inquiries with the relevant organization or the PCPD," it added.
Those affected are advised to change online account passwords, activate the multifactor authentication function if available, review bank statements to spot any unauthorized transactions and stay vigilant when receiving any suspicious calls, text messages or e-mails from unknown sources.
The PCPD suggested organizations which handle personal data to establish clear policies on data governance, such as selecting a person to bear the responsibility and provide relevant training to staff members.
It also urged organizations to conduct regular risk assessments for new systems.
stacy.shi@sigtaonescorp.com
