HKBN Under Fire Over Data Management Regime

"); jQuery("#212 h3").html("

Related News Programmes

"); });

2018-04-18 HKT 18:12

Share this story

facebook

  • The company says the data was on its 2012 customers. Photo: Courtesy of HKBN

    The company says the data was on its 2012 customers. Photo: Courtesy of HKBN

Hong Kong Broadband Network (HKBN) has come under fire over its data protection measures after it admitted on Wednesday that hackers have attacked an inactive database containing 380,000 customer records from 2012.

HKBN said the attack happened on Monday, accessing a database holding names, email, correspondence addresses, telephone numbers and identity card numbers – and details of some 43,000 credit cards.

It also contained almost 400,000 records of the company’s fixed and IDD services of that year – 11 percent of its total 3.6 million records.

The company said it had immediately conducted a thorough internal investigation and engaged an external network security consultant to conduct a comprehensive check of all systems and servers once it identified the cyber attack. It said it had also implemented immediate measures to prevent similar attacks.

HKBN said it was not aware of any other customer databases being affected. It said it believes this was an isolated event, but stressed that it is taking the matter seriously.

The firm has reported the hack to the police and said it would inform customers affected as well as the Privacy Commissioner.

However, the incident has raised privacy concerns.

IT sector lawmaker Charles Mok called on the company to explain why it had held on to former customers' information, saying this may be a breach of privacy laws:

"The data protection principle under the privacy laws in Hong Kong do state very clearly that for personal information that’s being kept by the data user - that is the company - you have to make sure that you don’t keep this information longer than what is necessary," Mok said.

On the face of it, if these accounts were no longer in use after six years so there was probably no reason for the company to keep the credit card information, he said.

A cybersecurity expert said people whose credit card data has been stolen should check with their banks for any unusual transactions.

Anthony Lai from the cybersecurity company, VXRL, said the latest incident has once again shows that Hong Kong lags behind in regulating local firms' internet security compliance, and called for a new regulatory body.

The attack on Hong Kong Broadband Network comes just months after three travel agencies also suffered cyber attacks.

Last updated: 2018-04-19 HKT 02:06

RECENT NEWS

XTransfer Partners With Bank SinoPac HK To Expand Cross-Border Payment Services

XTransfer has entered into a collaboration with Bank SinoPac, through its Hong Kong Branch, to expand international ope... Read more

Standard Chartered To Launch Bitcoin And Ethereum Custody Services By 2026

Standard Chartered Bank (Hong Kong) participated in Hong Kong Fintech Week 2025 (HKFTW25) as a strategic partner, annou... Read more

HashKey And Kraken Form Partnership On Institutional Tokenised Assets

HashKey and Kraken have announced a strategic partnership to promote institutional adoption of tokenised assets. The co... Read more

Reap Expands Global HQ With New Office In Hong Kong

Reap, a global fintech company providing stablecoin-enabled financial infrastructure, has expanded its global headquart... Read more

SoftBank And OpenAI Partner To Deliver Enterprise AI In Japan

Read more

HeyMax Debuts In Hong Kong, Partnering With Cathay To Drive Regional Growth

Loyalty and travel rewards platform HeyMax has made its first international launch in Hong Kong, partnering with Cath... Read more

We use cookies to give you the best experience possible. By continuing we’ll assume you’re on board with our cookie policy.