IT system containing personal data of Hong Kong's Correctional Services Department illegally accessed
The personal data of about 6,800 former and current employees of Hong Kong's Correctional Services Department (CSD) were compromised after a hacking incident last week.
The CSD disclosed the incident in a statement, saying it believes the hacker illegally accessed the department's internal Knowledge Management System, and used it to illegally access another IT system that maintains personal data of CSD staff.
"Relevant data includes names, genders, dates of birth, academic qualifications, information of employment history in the CSD, and email addresses," the CSD said.
"The incident involved about 6,800 serving and departing CSD staff."
Immediate actions taken
No evidence indicated that any relevant data has been leaked or disclosed, according to the CSD, but employees have been advised to change their passwords.
"Although no evidence indicating that relevant data has been leaked, the CSD has started informing all possibly affected individuals of the situation for prudent sake," the department said.
"In case of suspicious circumstances, they should report to the Police as soon as possible."
Its other immediate actions include isolating its Knowledge Management System, reviewing all systems, activating backup procedures, and requesting an outsourced service provider to commence an investigation.
The police, the Security Bureau, the Office of the Privacy Commissioner for Personal Data (PCPD), and the Digital Policy Office (DPO) have been informed of the incident, according to the CSD.
"The CSD is very concerned about the IT system security incident. The Department is consulting the PCPD and the DPO, with a view to conducting a comprehensive review of the incident and taking further enhancement measures for personal data protection to prevent recurrence of similar incidents," it stated.
