Goldjoy

Goldjoy operates as a travel agency that arranges transportation, accommodation and tour packages for individuals and groups. The company serves customers primarily in Hong Kong, drawing on its location in China to facilitate both domestic and international itineraries. Its core business involves booking flights, hotel stays and guided excursions through online platforms or physical offices. In the course of these services Goldjoy collects and stores personal information such as names, identification numbers, passport details and contact numbers from its clients. This data handling is essential for issuing tickets, visas and travel confirmations. The agency positions itself within the broader tourism sector as a provider of convenient, end‑to‑end travel planning.

In January 2018 Goldjoy experienced a cybersecurity breach in which unauthorized parties accessed its customer database containing the aforementioned personal data. The attackers demanded a ransom payment in bitcoin to prevent the release of the compromised information. Following the incident Goldjoy issued a public apology, reported the breach to law‑enforcement authorities and began tightening its security measures. Police investigated the attack and noted similarities with other recent intrusions targeting travel agencies in the region. The Privacy Commissioner highlighted the case as indicative of a growing trend of data breaches in industries that manage large volumes of personal data. To address the vulnerabilities Goldjoy engaged external technical experts to assess and remediate its systems.