HKBN Under Fire Over Data Management Regime
"); jQuery("#212 h3").html("
"); });
2018-04-18 HKT 18:12
Hong Kong Broadband Network (HKBN) has come under fire over its data protection measures after it admitted on Wednesday that hackers have attacked an inactive database containing 380,000 customer records from 2012.
HKBN said the attack happened on Monday, accessing a database holding names, email, correspondence addresses, telephone numbers and identity card numbers – and details of some 43,000 credit cards.
It also contained almost 400,000 records of the company’s fixed and IDD services of that year – 11 percent of its total 3.6 million records.
The company said it had immediately conducted a thorough internal investigation and engaged an external network security consultant to conduct a comprehensive check of all systems and servers once it identified the cyber attack. It said it had also implemented immediate measures to prevent similar attacks.
HKBN said it was not aware of any other customer databases being affected. It said it believes this was an isolated event, but stressed that it is taking the matter seriously.
The firm has reported the hack to the police and said it would inform customers affected as well as the Privacy Commissioner.
However, the incident has raised privacy concerns.
IT sector lawmaker Charles Mok called on the company to explain why it had held on to former customers' information, saying this may be a breach of privacy laws:
"The data protection principle under the privacy laws in Hong Kong do state very clearly that for personal information that’s being kept by the data user - that is the company - you have to make sure that you don’t keep this information longer than what is necessary," Mok said.
On the face of it, if these accounts were no longer in use after six years so there was probably no reason for the company to keep the credit card information, he said.
A cybersecurity expert said people whose credit card data has been stolen should check with their banks for any unusual transactions.
Anthony Lai from the cybersecurity company, VXRL, said the latest incident has once again shows that Hong Kong lags behind in regulating local firms' internet security compliance, and called for a new regulatory body.
The attack on Hong Kong Broadband Network comes just months after three travel agencies also suffered cyber attacks.
Last updated: 2018-04-19 HKT 02:06
HSBC, StanChart, Alibaba Cloud Among First Cohort Of HKMAs Gen AI Sandbox
The Hong Kong Monetary Authority (HKMA) and Cyberport have announced the first cohort of its Generative Artificial Inte... Read more
QuickFest 2025 To Focus On AI, Automation, And The Future Of Accounting
QuickFest, the virtual conference tailored for accounting professionals, bookkeepers, and consultants, will return on 1... Read more
5 Stories That Shaped Hong Kongs Fintech Scene In 2024
In 2024, Hong Kong further cemented its position as a leading fintech hub in the world, with the number of fintech comp... Read more
Top 11 Fintech Events In Hong Kong, Japan And Korea In 2025
East Asian countries, especially Hong Kong, China and South Korea, have become global hotspots for fintech innovation, ... Read more
Hong Kong SFC Grants Four VATP Licences, Boosting Virtual Asset Growth
The Securities and Futures Commission (SFC) announced today that it has granted Hong Kong VATP licences to four virtual... Read more
ZA Bank Chief Exec Ronald Iu Reportedly Stepping Down, May Join PAObank
Chief Executive of Hong Kong’s ZA Bank, Ronald Iu, is reportedly planning to step down early next year, according to ... Read more