Cyber Incident Victim: Hong Kong Arts Development Council

The Hong Kong Arts Development Council (HKADC) detected a cybersecurity incident on April 26, 2024, prompting an immediate organizational response. Operational disruptions occurred, though the specific nature or duration of these disruptions was not detailed in public statements. HKADC activated its emergency response system upon discovery to prevent further intrusion, indicating proactive containment measures. The council appointed external cybersecurity experts to conduct a comprehensive system inspection and recovery process, suggesting potential compromise of internal infrastructure. An impact assessment was initiated to evaluate the scope and severity of the breach. Preliminary findings indicated no evidence of data leakage or misuse as of April 30, 2024, with specific emphasis on protecting applicant information from various grant programs. This confirmation addressed concerns about sensitive personal data exposure given the council's role in administering cultural funding schemes.

HKADC formally reported the incident to Hong Kong's Office of the Privacy Commissioner for Personal Data and local law enforcement authorities by April 30, complying with regulatory obligations. The Culture, Sports and Tourism Bureau also received notification, reflecting interagency coordination on the matter. Organizational remediation efforts included reviewing and strengthening computer network security configurations and system protections to prevent recurrence. Staff operational procedures underwent reassessment to identify potential vulnerabilities in daily workflows that might have facilitated the attack. While the attackers' methods and objectives remained unspecified, HKADC emphasized its historical commitment to cybersecurity and data privacy principles throughout its public communications. No ransomware demands, data extortion attempts, or claims of responsibility were disclosed in available reports.