Cyber Incident Victim: Hongkong Post

Hongkong Post reported an information security incident involving robotic access to information in the address books of its EC-Ship account holders. The organisation condemned the attack and stressed that it would work closely with the Police on the investigation. Upon identifying the incident, Hongkong Post took immediate measures to block the unauthorised access. It followed established guidelines and reported the case to the Police, the Digital Policy Office, the Office of the Privacy Commissioner for Personal Data, and the Security Bureau on the same day. The EC-Ship service has resumed normal operation.

Based on a preliminary assessment, Hongkong Post said the incident could involve information in the address books of EC-Ship account holders, including senders’ and recipients’ names, addresses, phone numbers, fax numbers and email addresses. Investigations are ongoing to ascertain the number of account holders affected and whether any personal data leakage is involved. Hongkong Post stated that it will inform affected account holders when further updates become available. The service is seeking advice from the Digital Policy Office to assist with its investigations and will further strengthen system security measures. Hongkong Post reiterated that it does not send embedded hyperlinks via emails, SMS messages or social media pages for the collection of personal information or requesting payment. For enquiries, the public may call 2921 2222.