The Consumer Council has sent out 25,000 data breach notifications to complainants, staff, and its magazine subscribers, and received 106 inquiries after the watchdog discovered its computer server was hacked on Wednesday and a US$500,000 (HK$3.9 million) ransom demanded.
The ransom has not been paid, and despite the deadline having passed on Saturday, no data have been disclosed publicly so far, said chief executive Gilly Wong Fung-han yesterday.
The watchdog said the data of approximately 8,000 individuals was suspected to have been compromised.
The 25,000 notifications include its Choice magazine subscribers, of which 1,600 were sent to event voters. Other partners or business contacts have also been notified, including approximately 700 schools. But job applicants have not been notified yet, as their contact records are stored in the computer system.
It has obtained information regarding free monitoring network services, which will be provided to individuals.
No compensation claims have so far been received, but any claim will be handled by lawyers.
Wong said most inquiries were from Choice subscribers who can't remember which credit card they used.
Services, including inquiries, have been restored, but the handling of complaints may see delays. Starting yesterday, the internal system is gradually being rebuilt.
The watchdog said it has come to its notice that some people have been receiving automated phone calls, claiming to be from the council, saying that their consumption record was abnormal and asking them to contact a customer service rep.
It said these calls are not made by its staff or system and reminded people not to provide any personal information when receiving suspicious calls, messages, or emails claiming to be from the council. If there are doubts, the council urges people to call its hotline on 2929-2222.
Lai Cheuk-tung, a computer security researcher, said no leaked personal data has been discovered on the dark web or Twitter yet.
He said that due to limited income and resource constraints, some public organizations can only afford inexpensive computer security services.
Lai said the SAR administration should allocate more funds to support the strengthening of network security and that ransomware often targets older systems.
He also said that network security testing that is not kept up to date is another problem.
Although the watchdog keeps personal data on separate computer systems, sometimes data ends up stored on other servers as a result of emails, leading Lai to suggest that such data be deleted.
He called for caution as cyberattackers might also spread their phone numbers or data to fellow hackers.

















