• 11/30/2024

Data breach notifications rose by nearly 50% in 2023, Hong Kong privacy watchdog finds

Hong Kong Free Press

PCPD 2023 work report

Hong Kong’s privacy watchdog has said it received more than 150 data breach notifications in 2023, marking a nearly 50 per cent increase compared to the previous year.

A total of 157 cases of hacking, loss of documents, inadvertent disclosure of personal data, and other types of data breach were reported by the public and private sector last year, the Office of the Privacy Commissioner for Personal Data (PCPD) said in a report published on Monday. The figure increased by almost 50 per cent compared to 105 notifications received in 2022.

Online scam hacking
File photo: Sora Shimazaki, via Pexels.

Incidents involving hacking saw the most significant increase, jumping from 29 cases in 2022 to 64 cases last year, and constituting 41 per cent of last year’s data breaches.

Privacy Commissioner for Personal Data Ada Chung said during a press conference on Monday that the rise could be attributed to two large-scale data leak incidents last year, which raised awareness of the threat.

“[The incidents] prompted organisations and corporations to be more cautious. When information was leaked, they would report to us at the earliest opportunity,” Chung said in Cantonese.

Last September, Cyberport reported that sensitive data such as staff details and credit card records had been disclosed following a “malicious” hack in mid-August. In the same month, the Consumer Council fell victim to hackers who launched a cyberattack that damaged about 80 per cent of the watchdog’s computer systems.

Doxxing cases dropped

The number of doxxing cases, or malicious disclosure of personal information, handled by the PCPD stood at 756 in 2023, falling by 57 per cent compared to the previous year, when there were 1,764 incidents.

Privacy Commissioner for Personal Data Ada Chung holds a press conference on January 29, 2024 about the office's work in 2023. Photo: Office of the Privacy Commissioner for Personal Data.
Privacy Commissioner for Personal Data Ada Chung holds a press conference on January 29, 2024 about the office’s work in 2023. Photo: Office of the Privacy Commissioner for Personal Data.

More than 40 per cent of the doxxing acts involved monetary disputes, while family and relationship disputes contributed to 20 per cent of the cases.

The privacy watchdog also issued 378 notices to 23 online platforms requesting the removal of 10,682 messages. The compliance rate was over 95 per cent, the PCPD said.

The PCPD gained sweeping powers under the anti-doxxing law passed in Septmber 2021 to press charges against a suspect without relying on the Department of Justice to institute a prosecution.

The legislation was proposed following a surge in doxxing cases during the months-long anti-extradition bill protests. Government supporters, police officers and their family members, and journalists were targets of doxxing, with many victims being former employees of the now-defunct newspaper Apple Daily and public broadcaster RTHK.

31 people arrested

In 2023, the watchdog initiated 140 criminal investigations and referred 31 cases to the police for follow-up actions. It also apprehended 31 individuals.

Doxxing typing computer keyboard
Photo: Rachel Johnson, via Flickr.

Ninety per cent of the suspects had allegedly disclosed personal information without consent through social media platforms and instant messaging apps, while 7 per cent had used posters and 3 per cent had used mail.

As of the end of December, the PCPD had handled a total of 2,884 doxxing cases since the law came into effect. They included complaints made by the public and cases uncovered through the watchdog’s online patrols. It had also launched 254 criminal probes and apprehended 43 individuals during that period.

Under the anti-doxxing law, those convicted could face a fine of up to HK$1 million and five years of imprisonment. The legislation carries extra-territorial effect as the privacy commissioner can request internet service providers – both based in Hong Kong and outside the city – to take down information deemed by the authorities as doxxing within a designated timeframe.

Support HKFP  |  Policies & Ethics  |  Error/typo?  |  Contact Us  |  Newsletter  | Transparency & Annual Report | Apps

TRUST PROJECT HKFP
SOPA HKFP
IPI HKFP

Help safeguard press freedom & keep HKFP free for all readers by supporting our team

contribute to hkfp methods
tote bag support

Support press freedom & help us surpass 1,000 monthly Patrons: 100% independent, governed by an ethics code & not-for-profit.

https://hongkongfp.com/2024/01/30/data-breach-notifications-rose-by-nearly-50-in-2023-hong-kong-privacy-watchdog-finds/