The Office of the Privacy Commissioner for Personal Data (PCPD) in the Hong Kong Special Administrative Region (SAR) of China has issued a reminder to organisations to stay alert to the potential for cyberattacks on their email systems.
The PCPD released its work report for 2021 alongside an investigation report into a hacker's attack on the email system of Nikkei China (Hong Kong) Limited (Nikkei). Nikkei submitted a data breach notification to the PCPD in March 2021, stating that a hacker had compromised the email accounts of six employees and forwarded the emails sent to those accounts to two unknown email addresses. In this incident, the personal data of over 1,600 customers was breached.
The privacy commissioner suggested that organisations whose email systems handle customers’ personal data take measures to prevent cyberattacks. The measures include setting up a personal data privacy management programme; appointing data protection officers; devising a policy on email communications; taking adequate security measures; and fostering a privacy-friendly culture in the workplace.
Jennifer Wu of Pinsent Masons said: “Companies need to ensure that they have taken all reasonable and practicable measures. In doing so, educating employees on email communications and account security is a must do for any organisation. Review your policies and procedures yearly to make sure they remain up to date.”
In March 2022, a hotel and an online retailer in the Hong Kong SAR suffered data breaches which affected over 1.2 million customers’ personal data.