Hong Kong Cyberport defends move to not reveal hacking attack, says stolen data includes details on staff and ex-workers, credit card records

It added: “We were subsequently made aware that some information available on the dark web could potentially be related to the incident and we immediately made a public announcement on [September 6] and contacted persons who may have been affected.”

Cyberport is a base for 1,900 start-ups and tech companies. Photo: Shutterstock

Police said an investigation by the force’s cybersecurity and technology crime bureau was under way.

The Office of Privacy Commissioner for Personal Data on Tuesday said it had since received one inquiry from an affected individual. The privacy watchdog said it had launched a compliance investigation, but declined to go into further details.

The stolen data was available on the dark web, a hidden corner of the internet, but the tech hub did not mention the scale of the breach.

A ransomware group reportedly blackmailed Cyberport after hacking its computer system and stealing and encrypting the data. It demanded that a ransom of US$300,000 be paid by Tuesday to get back access to the data.

‘No system is invincible’: technology-related crimes in Hong Kong surge 47.3%

According to Cyberport, a sizeable amount of personal data was limited to individuals’ names and contact details, including phone numbers or email addresses.

Human resources-related data included identity card number, date of birth, social media accounts, and academic and bank account details, as well as health information.

Cyberport said it had engaged independent cybersecurity experts to investigate the incident and provide a remedy. The investigation and remediation were continuing.

The business park has 140 employees and is a base for 1,900 start-ups and tech companies.

The data breach was first disclosed earlier this month by cybersecurity information platform FalconFeedsio, which said on social media that ransomware group Trigona had added Cyberport to its victim list.

Hong Kong records sixfold rise in technology-based crimes in a decade

According to Palo Alto-based cyber-risk consultancy Unit 42, Trigona ransomware is relatively new and was first discovered by security researchers in late October 2022, with organisations involved in manufacturing, finance, construction, agriculture,…