The breach
The Hong Kong College of Technology, which offers a government-subsidized Higher Diploma in Cybersecurity, announced last week that it was the victim of a ransomware attack by hackers in late February, during which several internal papers were taken and encrypted.
This was not a normal cyber attack; it was very targeted and distinctive. HKCT strongly opposes all forms of cybercrime and sincerely apologizes for the annoyance and disruption caused by this event, according to a Chinese statement.
Impact on students
The college stated that victims would receive a free six-month "credit monitoring service" and "dark web monitoring service," but refused to disclose the number of students or staff affected. According to media sources, the information first leaked on the dark web this week.
The Privacy Commissioner for Personal Data informed HKFP that the data breach affected around 8,100 students, whose personal information, including names, identity card numbers, addresses, email addresses, and phone numbers, was disclosed.
The commissioner stated that it was investigating the infraction. It encouraged all victims to change their passwords for online accounts, enable two-factor authentication, and be wary of any unusual phone calls or links sent to their email or phones.
Ransomware attacks on local organizations
Cyberattacks on local organizations have increased, with victims including the technology park Cyberport and the private Union Hospital.
In April, the hospital's computer system was infected with LockBit ransomware, which caused partial operational paralysis, according to local media sites.
Last year, a hacker got into Cyberport's network and maliciously encrypted server files. The hackers sought a ransom of $300,000. Cyberport failed to pay, and 400GB of stolen data was eventually leaked on the dark web, according to TVB.
The Consumer Council's computer system was hacked in September of last year, resulting in a data breach that included information on 289 people who had filed complaints with the council, as well as some current and former staff.
After the Union Hospital hacking, Francis Fong, honorary president of the Hong Kong Information Technology Federation, said that victims should not pay ransoms since hackers may still make stolen material public regardless of payment.
Fong advised all public and commercial institutions to upgrade their computer systems regularly to address vulnerabilities and improve security.
Privacy Commissioner’s Advice
- Review Security Settings: Organizations should review their communication platforms’ security settings. Strengthen authentication mechanisms and limit access to authorized personnel.
- Report Incidents Promptly: Organizations must promptly report data breaches to the PCPD. Transparency is crucial in maintaining public trust.
- Collaborate with Law Enforcement: Work closely with law enforcement agencies to track down the perpetrators and prevent further attacks.