International hackers are demanding a ransom of around HK$2.35 million after they hacked into Cyberport’s computers and stole over 400 gigabytes of information belonging to startup companies including company and employees’ personal identity documents.
Cyberport has reported the hacking incident to police and privacy watchdog.
FalconFeedsio, a cybersecurity platform, revealed the data theft in a tweet on Tuesday, saying ransomware group Trigona added Cyberport to its “victims list” after claiming access to more than 400 gigabytes of data.
It is understood that the data includes personal information of employees working at startup companies at Cyberport and confidential company documents.
The data has since been put up for bid online with a reserve price of US$300,000 (HK$2.34 million).
The tech hub confirmed it has “identified a cyber security incident involving unauthorized third-party access to part of Cyberport’s computer system.”
Expressing grave concern over the leak, Cyberport said it has reported the incident to police and shut down the affected computer device. In the meantime, it is conducting a thorough investigation into the breach with the help of external cybersecurity experts.
It said that earlier yesterday its security surveillance monitored the internet for circulation of information suspected to be related to the breach, adding that affected parties would be notified and a dedicated e-mail account has been created to handle inquiries.
Office of the Privacy Commissioner for Personal Data said Cyberport notified it of a data breach on August 18.
”The office has launched a probe into the incident in accordance with established procedures and also suggested that the relevant organization should notify the affected persons as soon as possible,” the privacy watchdog said. Those affected should change their passwords, enable multifactor authentication and pay attention to abnormal e-mail logins, it said.
Francis Fong Po-kiu, honorary president of Hong Kong Information Technology Federation, said although ransomware attacks have been common in Hong Kong for years, it is difficult for companies to protect their systems against hackers.
”As virtue rises one foot, vice rises 10,” he said.
Saying the investigation is still ongoing, Fong pointed out that Cyberport tenants also have access to the Cyberport system and it could either be Cyberport staff being careless or startups having loopholes in their systems.
He said the data leakage was serious as private information of startup staff members including identity card numbers were exposed.
He said a thorough investigation is needed, and urged the tech hub to inform its tenants without delay.
Anthony Lai Cheuk-tung, a malware analyst from Valkyrie-X Security Research, was pessimistic that Cyberport would ever be able to get the data back even if it paid hackers the ransom.
Lai said it was also possible the hackers had sent phishing e-mails to Cyberport staff members.
”There is no guarantee that they will provide a legitimate decryptor for the files … they could compensate the victims with the ransom money instead of paying the hackers,” he said.