Read More
Night Recap - April 1, 2026
2 hours ago
Six senior counsel appointed
31-03-2026 13:54 HKT
Approval granted for Kai Tak’s six-stop Smart & Green Mass Transit System
31-03-2026 16:27 HKT
Ayra Wang
ADVERTISEMENT
SCROLL TO CONTINUE WITH CONTENT
Personal data of more than 127,000 customers was affected in a breach at fashion brand management company ImagineX Group, the Office of the Privacy Commissioner for Personal Data said yesterday while ruling the company in violation of the Personal Data (privacy) Ordinance.
The city's privacy watchdog revealed that the incident, which occurred last year, saw hackers threatening to sell stolen personal information, including the names, email addresses, phone numbers and passport copies of 127,268 individuals, which included 100,185 ICARD members, 27,069 Brooks Brothers members, and 14 current and former employees of ImagineX.
ICARD program covered six brands in Hong Kong and Macau at the time of date breach, namely Paul Smith, Club Monaco, Apivita, Isabel Marant, Natura Bisss and Sacai.
Imagine X clarified on Tuesday that Some ICARD members may be affected by this incident and the company has notified all the affected members and employees of the incident.
Privacy Commissioner for Personal Data Ada Chung Lai-ling said the breach resulted from ImagineX's failure to delete inactive accounts and update outdated systems. Chung ruled that ImagineX failed to take all practicable steps to protect personal data from unauthorized access or accidental exposure, constituting a violation of the Personal Data (privacy) Ordinance. PCPD issued an enforcement notice requiring the company to implement corrective measures and prevent future violations.
Separately, PCPD released workplace guidelines for generative AI use, compelling firms to specify permitted tools, define acceptable uses, clarify what data can be input and prohibit illegal uses.