Credit agency in new apology amid leak fearLocal | Jane Cheung 8 Jan 2019
TransUnion has been forced to apologize again after it was discovered that unauthorized people could gain access to mortgage information on its website.
Despite the apology, it refused to admit that any data leak had occurred, and said it has suspended the online search function and is improving security measures.
Neona Wang, the credit report agency's chief executive, made the apology during the Legislative Council's financial affairs panel meeting yesterday, where she was grilled.
In a paper submitted by the agency, it classified the incident as an individual purposely disguised as another to obtain personal information from its system.
This came after a local journalist managed to obtain the credit reports for Chief Executive Carrie Lam Cheng Yuet-ngor and Financial Secretary Paul Chan Mo-po from TransUnion in November by inputting their personal details, which were available online.
The company is a global credit assessment agency that maintains the loan information of 5.4 million Hongkongers.
The day after the Chinese newspaper's report, TransUnion suspended its online search function.
Information technology-sector lawmaker Charles Mok said the case involved sensitive personal information and financial data, and added that TransUnion's system had been proven on multiple occasions to be prone to cyber attacks.
"I think the government should consider introducing direct regulations on these credit report agencies," he said.
But Chris Sun Yuk-han, deputy secretary for financial services and the treasury, said the matter should be handled using privacy laws and dismissed Mok's suggestions to regulate credit report agencies like TransUnion in a similar manner as financial institutions.
"The case is mainly about how credit information and personal data can be protected. The crucial part lies in privacy rather than the development and regulation of the financial market," he said.
Yesterday, the newspaper hit back at TransUnion's accusations that its reporters hacked into the system to obtain Lam and Chan's information.
The paper said the reporter only entered the system after multiple attempts in order to test for loopholes and never used fraudulent means to obtain the sensitive information, it said.