
Cyber Incident Victim: Hongkong Post

Date: Jul 2025

Location: Hong Kong

Summary

Hongkong Post reported a cyberattack involving robotic access to the address books of its EC‑Ship account holders. Upon detection, it blocked the unauthorized access and notified the police, the Digital Policy Office, the Office of the Privacy Commissioner for Personal Data and the Security Bureau. The EC‑Ship service has been restored to normal operation. A preliminary assessment indicates that the compromised data may include senders’ and recipients’ names, addresses, phone numbers, fax numbers and email addresses. Investigations continue to determine how many accounts were affected and whether any personal data was leaked. The service said it is seeking advice from the Digital Policy Office and will strengthen its security measures. It also noted that it does not send embedded hyperlinks in emails, SMS or social media for collecting personal information or requesting payment.


Description

On July 21, 2025, Hongkong Post disclosed that it had detected an information security incident involving robotic access to the address books of users of its EC‑Ship service. Upon identification of the unauthorized access, the organization immediately blocked the activity and initiated its incident response procedures. Hongkong Post reported the case to the Police, the Digital Policy Office, the Office of the Privacy Commissioner for Personal Data and the Security Bureau on the same day. The EC‑Ship service was restored to normal operation after the containment measures were applied. The post office emphasized that it was cooperating closely with law‑enforcement investigators.


Based on a preliminary assessment, Hongkong Post stated that the compromised data could include senders’ and recipients’ names, addresses, phone numbers, fax numbers and email addresses stored in the EC‑Ship address books. Investigations are continuing to determine the exact number of affected account holders and whether any personal data has been leaked. Hongkong Post said it will notify affected users as soon as further information becomes available. The organization is seeking guidance from the Digital Policy Office to support its investigation and plans to strengthen overall system security. Hongkong Post also reminded the public that it does not send embedded hyperlinks in emails, SMS or social‑media messages for collecting personal information or requesting payments, and advised citizens to avoid clicking such links or providing personal or financial details in response to suspicious messages purporting to be from Hongkong Post. For any enquiries, the public can contact Hongkong Post at 2921 2222.
