Personal data of 70,000 at risk after SCAA cyber attack

The personal information of around 70,000 people - including identity cards, phone numbers and photos - may have been leaked after a hacking attack on the South China Athletic Association, the city's privacy watchdog said.

The Office of the Privacy Commissioner for Personal Data said it received a data breach notification from the sports association on Monday that the personal data of about 70,000 members may have been affected.

The leakage may involve personal information, including names, Hong Kong identity card numbers, passport numbers, phone numbers, addresses, birthdays, email addresses and photos, according to the watchdog.

This came after the association's computer servers were intruded on by an unauthorized third party on Sunday. The association shared the news Monday night on its social media, saying that it had shut down the affected computers to minimize the impact.

"The association condemns any form of cybercrime and fully cooperates with law enforcement agencies," it said, adding there is no evidence to suggest any data leak.

It also said it has activated an emergency plan and will notify affected members. "We've taken immediate action to collaborate with professional internet security teams to conduct a comprehensive server inspection and repair," it added.

The PCPD appealed to affected citizens to make inquiries and complaints with the association or the PCPD if they suspect their personal data has been leaked.

It has also advised the association to notify those affected as soon as possible and has commenced an investigation."Persons affected are advised to change the passwords of online accounts and activate the multi-factor authentication feature," it said. "They should also be aware of any unusual logins of personal emails and review bank statements to spot any unauthorized transactions."

The watchdog also reminded affected citizens to stay vigilant when they receive suspicious calls, text messages or emails from unknown sources.