Hong Kong’s 3.7 Million Voters Exposed in Massive Breach

Hong Kong might just have experienced its biggest ever data breach after the personal details of the Special Administrative Region (SAR)’s 3.7 million voters were stolen on two laptops.

The details are said to have included ID card numbers, addresses and mobile phone numbers. They were stored on two laptops in a locked room at the AsiaWorld-Expo conference center near the airport.

The center is said to be the “back-up venue” for the region’s chief executive elections, which took place recently. The Registration and Electoral Office has reported the theft to police and told the South China Morning Post that the details of voters were encrypted, although it’s unclear how strong that encryption is.

It’s also unclear why the details of 3.7m voters were stored on the laptops when only an Election Committee of 1194 specially chosen business and political leaders is allowed to pick Hong Kong’s CEO.

The SAR’s privacy watchdog said in a statement that it is launching an investigation into the matter.

Over a three-year period from 2013 to 2016, the privacy commissioner’s office is said to have received 253 data breach notifications.

Eduard Meelhuysen, EMEA boss at Bitglass, argued that public sector breaches stand out as particularly concerning. "Whether it’s the NHS or the Hong Kong Registration and Electoral Office, these organisations need to remember their duty of care, not to mention legal obligations, to protect citizens' and employees' data,” he said.

“This means not only keeping sensitive data encrypted, but also controlling where it goes using tools like access control and data leakage prevention. Is it really a business necessity to store the information of millions of citizens on a laptop?"

Infosecurity

Nation State Hacking Has A Big Commercial Impact:

Big Data Analysis – Now Used For Politics…:

 

« WikiLeaks Dump Shines Light On US Intelligence’s Zero-Day Policy
Hackers Threaten To Attack Israel's Cyber Infrastructure »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Ethio-CERT

Ethio-CERT

National Cyber Emergency Readiness and Response Team of Ethiopia.

RiskSense

RiskSense

RiskSense empowers enterprises and governments to reveal cyber risk, quickly orchestrate remediation, and monitor the results.

Cyanre

Cyanre

Cyanre delivers state of the art cyber forensic services through software technologies and procedures that exceed conformities of major law enforcement agencies across the globe.

Cybersecurity & Infrastructure Security Agency (CISA)

Cybersecurity & Infrastructure Security Agency (CISA)

CISA leads the national effort to defend critical infrastructure against the threats of today and to secure against the evolving risks of tomorrow.

Orchestra Group

Orchestra Group

Orchestra Group offer a unique integrated cybersecurity defense platform with proactive security policy management and enforcement orchestration.

Concentric

Concentric

Concentric Data Risk Monitoring and Protection. Deep Learning to discover, monitor and remediate risks to sensitive data on-premises and in the cloud.

Internetwork Defense (IND)

Internetwork Defense (IND)

Internetwork Defense is a premier provider of Information Security Training and Business Consulting Services in the Mid-Atlantic region.

Truesec

Truesec

TRUESEC has an exceptional mix of IT specialists. We are true experts in cyber security, advanced IT infrastructure and secure development.

Purple Knight

Purple Knight

Purple Knight is a free Active Directory security assessment tool built and managed by an elite group of Microsoft identity experts.

Superus Careers - Cyber Career Exchange

Superus Careers - Cyber Career Exchange

The Cyber Career Exchange is a specialized recruiting platform focused specifically on cybersecurity.

Secure Diversity

Secure Diversity

Secure Diversity is an innovative non-profit organization with leaders that think out of the box to create strategies & solutions to increase diversity in the cybersecurity industry.

Forta

Forta

Forta is a real-time detection network for security & operational monitoring of blockchain activity.

Tutanota

Tutanota

Tutanota is the world’s first end-to-end encrypted mail service that encrypts the entire mailbox.

NXM Labs

NXM Labs

NXM is a leader in a leader in advanced cybersecurity software for connected devices.

Code First Girls

Code First Girls

Code First Girls are on a mission to close the gender gap in the tech industry by providing employment through free education.

ABPGroup

ABPGroup

ABPGroup is Asia’s leading cybersecurity technology provider focusing on providing best-of-breed solutions that address today’s pressing challenges.