Hong Kong prison department’s IT system hacked, 6,800 employees’ data compromised

Hong Kong prison authorities have reported the hack to police, the Security Bureau, the city’s privacy watchdog and the Digital Policy Office.

Photo: Sun Yeung A computer system containing Hong Kong prison employees’ personal data has been hacked, compromising the information of 6,800 current and former staffers.

The Correctional Services Department said on Friday evening that a hacker had gained illegal access to one of its IT systems on Tuesday. “After a preliminary investigation, the Correctional Services Department believes the incident involved unauthorised access to the internal Knowledge Management System by a hacker, through which the hacker then gained entry to another IT system maintaining personal data of [the department] staff,” it said.

The data involved 6,800 current and former employees, including their name, gender, date of birth, academic qualifications, employment history in the department and email addresses, it added.

The department stressed that there was no evidence so far suggesting the data had been leaked or disclosed.

It informed all potentially affected individuals of the situation and reminded them to report any suspicious circumstances to police as soon as possible.

It also reported the case to police, the Security Bureau, the city’s privacy watchdog and the Digital Policy Office.

The department added it had already taken immediate follow-up action after the incident, including isolating its internal Knowledge Management System, notifying users to change passwords, thoroughly reviewing all systems and instructing the outsourced service provider to start an investigation.

It pledged to conduct a comprehensive review of the incident and enhance existing measures to prevent a repeat of such data breaches.

原文链接: 南华早报