Sensitive data, including employee details and credit card records, from a Hong Kong technology park that describes itself as a “digital technology flagship” have been leaked online, the company said.
Cyberport said in a statement released on Tuesday it had been the victim of a “malicious intrusion” in mid-August and found information related to the hack “on the dark web”.
The data included “names and contact details of individuals, human-resources related data of employees, ex-employees and job applicants, and a small number of credit card records”, it said.
Operating since 2004, Cyberport described itself as a “digital technology flagship and incubator for entrepreneurship” and said it has more than 800 start-ups and technology firms at its site in southern Hong Kong island.
The hack was not disclosed until September 6, nearly three weeks after Cyberport notified Hong Kong’s privacy watchdog, leading lawmakers and experts to question the delay.
“We decided not to disclose the incident externally to avoid any unnecessary concern,” it said, adding that it did not initially know the extent of the damage.
“As the victim of a malicious intrusion, Cyberport condemns all form of cybercrime and will fully cooperate with law enforcement.”
The hack has been linked to ransomware Trigona after a website bearing its logo posted 438 gigabytes of Cyberport files.
A spreadsheet seen by AFP listed the birthdays, addresses, ID card numbers, salaries and computer passwords of 166 current and former employees, including six executives.
Other files included information about company finances, business plans, government dealings and legal correspondence.
Hong Kong’s technology minister Sun Dong said on Wednesday the government was “highly concerned” about the breach and has ordered all its departments to step up digital security.
Hong Kong police said they were investigating, as was the city’s privacy watchdog.