The agency said public sector companies accounted for 48, or nearly a third, of all data breaches reported last year.
Meanwhile, the number of data breaches involving hacking also doubled from 29 in 2022 to 64 in 2023, accounting for approximately 41% of all breaches.
“The increase in hacking incidents has raised concerns for us,” said Ada Chan Lai-lin, the privacy commissioner for personal data. “This is a global trend that is attracting attention and calls for more work.”
She added that her office will prioritize education and efforts to raise awareness among companies about how to best protect user data.
Approximately 43% of all reported data breaches occurred between October and December, due in part to the office’s education efforts following a series of high-profile incidents earlier this year. Chong said that this was due to.
Surveillance authority finds online platform Carousel violates Hong Kong privacy laws
Surveillance authority finds online platform Carousel violates Hong Kong privacy laws
“I think my office needs to do more education and outreach, and that will be one of our focuses this year,” she added, noting that the organization recently He highlighted the launch of hotlines, themed websites and online sites. I used the scanner last November.
Chung said the agency also conducted 115 courses for businesses on protecting data privacy and security.
According to a report released last year by the Privacy Bureau and the Hong Kong Productivity Council, about 73% of businesses in Hong Kong suffered a cyber attack between November 2022 and 2023.
The Consumer Council announced in September that the personal data of up to 25,000 people may have been compromised after Bodies was hit by a ransomware attack.
Hong Kong tech hub Cyberport warns police after cyber security breach
Hong Kong tech hub Cyberport warns police after cyber security breach
The Hong Kong Laureate Foundation, Hong Kong Post and Hi-Tech Park’s Cyberport were also targets of hacking and ransomware attacks last year.
A few days after the New Year, the Department of Social Welfare was forced to issue a public apology after a contract employee leaked the English names of approximately 1,300 people registered for the disability subsidy system online.
Also on Monday, the office announced that all stores with mobile apps analyzed by the office tracked user behavior and engaged in direct marketing, requiring restaurants to opt-out of mobile apps that do not involve collecting personal data. Asked to provide a digital food ordering method.
Of the 60 restaurants surveyed between November and January, 10 had mobile apps for ordering, and the rest provided QR codes for customers to place orders.
The office said the mobile apps of 10 fast-food restaurant chains, including McDonald’s, Starbucks, KFC, Café de Coral and Fairwood, all tracked users’ activities through their apps. This includes data via cookies, location and browsing data, transaction records, and payment records, he said.
Hong Kong company fails to protect credit history of 180,000 people: watchdog
Hong Kong company fails to protect credit history of 180,000 people: watchdog
Others included Genki Sushi, Satay King, Tamjai Samgor, Tamjai Yunnan Mixian, and Yoshinoya.
It was also discovered that all 10 chains were marketing directly to customers, and an investigation was launched into one store because the company did not obtain customer consent.
The report also raised concerns about restaurants using QR codes for ordering, saying they could be tampered with and could lead customers to fake websites or malware that could put their personal data at risk. He pointed out that there is.
The office asked restaurants to provide ordering methods that do not require customers to disclose personal information, establish data retention policies, regularly delete unnecessary customer information, and prevent QR codes from being tampered with.
It also asks customers to “carefully consider” the type of personal information they wish to share through the ordering platform, provide the “minimum” required data to place an order, download an app or scan a QR code from a genuine source. He advised them to only do what they can.
