Hong Kong government under fire over ‘unacceptable’ data breaches affecting 130,000 people, as lawmaker urges disciplinary action
Hong Kong authorities are under pressure to strengthen cybersecurity measures after a string of data breaches at major public bodies affected nearly 130,000 people, with a legislator urging disciplinary action against department heads for future failures.

Lawmaker Elizabeth Quat, who chairs the Legislative Council’s information technology and broadcasting panel, said on Monday that civil servants should be held accountable, as such incidents were “unacceptable”.

“The Civil Service Bureau should task all government departments and their heads with doing their work well in terms of cybersecurity and protection of personal privacy,” she told a radio show.

“If these departments or systems have issues or similar incidents occur again, there should be a punishment mechanism, a person to be held accountable and disciplinary action.”

The Companies Registry said on Friday last week that personal information – including names, addresses, telephone numbers and email addresses, as well as identity card and passport numbers – of about 110,000 people had been leaked because of a fault in its digital platform.

The Electrical and Mechanical Services Department a day earlier also reported that information on 17,000 public housing tenants required to take Covid-19 tests in 2022, including their names, phone numbers, ID numbers and addresses, had been compromised.

The Office of the Government Chief Information Officer said on Sunday it had requested all bureaus and departments to review their computer security and report back within a week following the series of incidents.

Quat urged authorities to follow up on and investigate the breaches.

“Everyone can see that when a case involves so much personal information from victims and so many residents, the consequences can be severe,” she said. “If this information is revealed and it is used maliciously by some people, the results can be very serious.”

Francis Fong Po-kiu, the honorary president of the Hong Kong Information Technology Federation, said that the Companies Registry should have spotted the faults before launching its system.

He also warned that a new digital policy office to be set up by the government would not be a silver bullet for cybersecurity failures.

The Companies Registry has said the personal information of about 110,000 people was leaked because of a fault in its digital platform. Photo: Companies Registry

The creation of the body was announced in last year’s policy address with the merging of the Office of the Government Chief Information Officer and the Efficiency Office.

Fong said the government should conduct security audits for its existing systems and establish guidelines for all processes involved in the development of IT projects, from issuing tenders to receiving the finished product.

He called on the government to learn from the recent experience and take a more centralised approach.

“The current situation is that department A, department B and department C basically do not communicate with each other, so they do not know what one another is doing,” he said.


Leave a Comment