Oxfam Hong Kong investigates potential data breach following cyberattack

Hong Kong Free Press

Oxfam’s Hong Kong office experienced a cyberattack earlier this month and is investigating whether it resulted in the disclosure of personal data, the NGO has said.

The cyberattack happened on the morning of July 10, affecting certain systems including its Oxfam TrailWalker system.

Oxfam’s Hong Kong office is investigating whether a cyberattack had resulted in disclosure of personal data, the NGO said on July 26, 2024. Photo: Oxfam Hong Kong.

Oxfam immediately launched an investigation and engaged experts to conduct an examination of the affected systems to assess the impact of the attack, according to the NGO’s statement.

“We are actively working with our cybersecurity experts to investigate into whether the Incident had resulted in any unauthorised disclosure of personal data that we hold, and the extent of any such disclosure,” Oxfam said.

Oxfam also reported the incident to the police, the Office of the Privacy Commissioner for Personal Data (PCPD), and the Hong Kong Computer Emergency Response Coordination Centre.

PCPD Office of the Privacy Commissioner for Personal Data — The Office of the Privacy Commissioner for Personal Data. File photo: Peter Lee/HKFP.

“We want to assure our donors and partners that data security is our top priority and we take this very seriously. [Oxfam] remains committed to continuously strengthening its digital defense to safeguard its information and systems,” it said.

BMW leak

Separately, the city’s sole distributor of BMW vehicles on Thursday said some 14,000 customer records had been affected by a “cybersecurity incident,” including salutations, names, mobile numbers, and SMS opt-out preferences.

In a statement, BMW Concessionaires said an external cybersecurity expert would be engaged to launch a comprehensive investigation into the incident.

The distributor’s statement came a week after it notified the PCPD about the breach last Thursday. The privacy watchdog said in a statement on Thursday that it had “advised the relevant organisation to notify the affected data subjects as soon as possible.”

The city’s sole distributor of BMW vehicles in the city on July 26, 2024 said some 14,000 customer records were affected in a “cybersecurity incident.” Photo: BMW Concessionaires.

The PCPD received another notice of the incident from Sanuker, a business messaging service provider contracted by BMW Concessionaires, on Wednesday, regarding the same breach.

“The PCPD has commenced an investigation into the incident in accordance with established procedures,” the statement said.

The watchdog said in January that it received more than 150 data breach notifications in 2023, marking a nearly 50 per cent increase compared to the previous year.

A string of breaches continued into this year, with schools, hospitals, and government departments falling victim to cyberattacks.

Help safeguard press freedom & keep HKFP free for all readers by supporting our team

HKFP has an impartial stance, transparent funding, and balanced coverage guided by an Ethics Code and Corrections Policy.

Support press freedom & help us surpass 1,000 monthly Patrons: 100% independent, governed by an ethics code & not-for-profit.

https://hongkongfp.com/2024/07/26/oxfam-hong-kong-investigates-potential-data-breach-following-cyberattack/