Hong Kong privacy watchdog calls for more data security training, says it logged 50% surge in breaches and hacking cases in 2023


Public sector enterprises accounted for 48, or nearly a third, of all reported data breach incidents last year, the office said.

Ada Chung, the privacy commissioner for personal data, says her office will prioritise efforts to help raise awareness among enterprises about how to best secure user information. Photo: Jonathan Wong

Meanwhile, the number of data breaches involving hacking also doubled from 29 in 2022 to 64 in 2023, making up about 41 per cent of all such cases.

“The increase in hacking incidents did raise concern on our part,” said Ada Chung Lai-ling, the privacy commissioner for personal data. “It is a worldwide trend which calls for attention and which calls for additional amounts of work to be done.”

She added that her office would be prioritising education and efforts to help raise awareness among enterprises about how to best secure user data.

The office received 43 per cent of the year’s data breach notifications between October and December, which was partly attributed to her office’s education efforts following a string of high-profile incidents earlier in the year, Chung said.


“I think more education and promotional work has to be done by my office, and that will be one of our focuses for this year,” she added, while highlighting that the body had recently launched a data security hotline, thematic website, and online scanner last November.

The office also conducted 115 courses for enterprises on protecting data privacy and security, Chung said.

About 73 per cent of Hong Kong businesses were hit by a cyberattack between November 2022 and 2023, according to a report issued last year by the privacy office and Hong Kong Productivity Council.

In September, the Consumer Council said the personal data of as many as 25,000 people might have been leaked after the body was hit by a ransomware attack.


The Hong Kong Laureate Foundation, Hongkong Post and hi-tech park Cyberport were also targets of hacking or ransomware attacks last year.

Just days into the new year, the Social Welfare Department was also forced to issue a public apology after a contract staff member leaked online the English names of about 1,300 people who had signed up for a disability subsidy scheme.

Also on Monday, the office called on restaurants to provide digital food ordering methods that did not involve personal data collection, after all the outlets with mobile apps it analysed tracked user activity and engaged in direct marketing.

Of the 60 restaurants reviewed between November and January, 10 had mobile apps for ordering, while the rest provided QR codes for patrons to place orders.

Mobile apps for 10 fast-food restaurant chains including McDonald’s, Starbucks, KFC, Cafe de Coral and Fairwood all tracked user activity through their apps, the office said. The data tracked included cookies, location and browsing data, transaction records, and payment records, Chung said.


The others were Genki Sushi, Satay King, TamJai SamGor, TamJai Yunnan Mixian, and Yoshinoya.

It also found that all 10 of the chains carried out direct marketing to their users, and launched an investigation into one outlet for failing to get customers’ consent.

The report also raised concerns about restaurants that used QR codes for ordering, noting that they could be tampered with, which could direct customers to fake websites or malware that would put their personal data at risk.

The office called on restaurants to provide ordering methods that do not require customers to disclose personal information, create a data retention policy, regularly delete unnecessary customer information, and ensure QR codes are not tampered with.

It also advised customers to “carefully consider” what kinds of personal information they wanted to share through ordering platforms, to provide the “minimum” necessary data to place an order and to only download apps or scan QR codes from authentic sources.
