Hong Kong’s 3.7 Million Voters Exposed in Massive Breach

Uploaded on 2017-03-30 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

Hong Kong might just have experienced its biggest ever data breach after the personal details of the Special Administrative Region (SAR)’s 3.7 million voters were stolen on two laptops.

The details are said to have included ID card numbers, addresses and mobile phone numbers. They were stored on two laptops in a locked room at the AsiaWorld-Expo conference center near the airport.

The center is said to be the “back-up venue” for the region’s chief executive elections, which took place recently. The Registration and Electoral Office has reported the theft to police and told the South China Morning Post that the details of voters were encrypted, although it’s unclear how strong that encryption is.

It’s also unclear why the details of 3.7m voters were stored on the laptops when only an Election Committee of 1194 specially chosen business and political leaders is allowed to pick Hong Kong’s CEO.

The SAR’s privacy watchdog said in a statement that it is launching an investigation into the matter.

Over a three-year period from 2013 to 2016, the privacy commissioner’s office is said to have received 253 data breach notifications.

Eduard Meelhuysen, EMEA boss at Bitglass, argued that public sector breaches stand out as particularly concerning. "Whether it’s the NHS or the Hong Kong Registration and Electoral Office, these organisations need to remember their duty of care, not to mention legal obligations, to protect citizens' and employees' data,” he said.

“This means not only keeping sensitive data encrypted, but also controlling where it goes using tools like access control and data leakage prevention. Is it really a business necessity to store the information of millions of citizens on a laptop?"

Infosecurity

Nation State Hacking Has A Big Commercial Impact:

Big Data Analysis – Now Used For Politics…:

 

« WikiLeaks Dump Shines Light On US Intelligence’s Zero-Day Policy
Hackers Threaten To Attack Israel's Cyber Infrastructure »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Endace

Endace

Endace is a leader in network visibility, network recording and packet capture solutions for security, network and application performance monitoring.

DeviceLock

DeviceLock

DeviceLock is a leading provider of endpoint device/port control and data leak prevention software.

QNAP Systems

QNAP Systems

QNAP Systems, Inc. delivers world class network attached storage (NAS) and network video recorder (NVR) solutions.

Secusmart

Secusmart

Secusmart provide highly secure and encrypted speech and data communication solutions.

Authorize.Net

Authorize.Net

Authorize.Net is a Payment Gateway which provides the complex infrastructure and security necessary to ensure fast, reliable and secure transactions.

Cyber Risk & Insurance Forum (CRIF)

Cyber Risk & Insurance Forum (CRIF)

CRIF helps organisations understand cyber risks and the damage that might occur by supporting the development of effective insurance solutions.

Cymulate

Cymulate

Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time.

Garner Products

Garner Products

Garner design, manufacture, and sell equipment that delivers complete, permanent, and verifiable data elimination.

BrandShield

BrandShield

BrandShield is an anti-counterfeiting, anti-phishing and online brand protection solution.

AaDya

AaDya

AaDya provide smart, simple, affordable and effective cybersecurity software solutions for small and medium businesses.

StoneLock

StoneLock

StoneLock is a trusted leader in the design and manufacture of facial recognition software and technology.

QuSecure

QuSecure

QuSecure provides a software-driven security architecture that overlays your current infrastructure and provides next-generation security to protect your entire network from quantum threats.

Orro Group

Orro Group

Orro create 'future now' solutions that make it faster, simpler and safer for you to access, store and share information. Wherever, whenever and with whomever you want.

Finite State

Finite State

Finite State enables product security teams to protect the devices we rely on every day through market-leading software threat, vulnerability, and risk management.

Cyex

Cyex

Cyex helps people to become cyber wise. We enable our clients to find, track and improve cyber awareness in one place.

ZEST Security

ZEST Security

The ZEST platform natively integrates into your technology stack to make efficient risk remediation possible.