Personal details of more than 8,000 students at a private Hong Kong college have been stolen and reportedly posted on the dark web, the latest in a spate of cyberattacks in the city which have sparked calls for tighter safeguards.
The Hong Kong College of Technology – which offers a government-subsidised Higher Diploma in Cybersecurity – said on Thursday it suffered a ransomware attack by hackers in late February, in which many internal documents were stolen and encrypted.
“This attack was not a typical one but rather a highly targeted and unusual cyber attack. HKCT strongly condemns any form of cybercrime and expresses deep apologies for the inconvenience and disturbance caused by this incident, ” the college said in a Chinese statement.
It said it would provide a free six-month “credit monitoring service” and “dark web monitoring service” for victims, but declined to reveal how many students or staff had been affected.
Media reports said the information surfaced on the dark web this week.
The Privacy Commissioner for Personal Data told HKFP the data breach had affected around 8,100 students, whose personal information such as names, identity card numbers, addresses, email addresses and phone numbers were leaked.
The commissioner said it was investigating the breach. It advised all victims to change passwords for online accounts, set up two-step verification, and be alert to any suspicious phone calls or links sent to their email or phones.
Ransomware targeting local groups
There have been a wave of cyberattacks against organisations in the city, including the technology park Cyberport and the private Union Hospital.
The hospital’s computer system was attacked by ransomware called LockBit in April, resulting in partial operational paralysis, local media outlets reported.
In August last year, a hacker accessed Cyberport’s network and maliciously encrypted files on the server. The hackers demanded a ransom of US$300,000. Cyperport did not pay and 400GB of stolen data was later posted to the dark web, TVB reported.
In September last year, the Consumer Council’s computer system was hacked, resulting in a data breach involving information on 289 people who had made complaints to the council and on some staff and former staff.
Francis Fong, honorary president of the Hong Kong Information Technology Federation, told HK01 following the Union Hospital cyberattack that victims should not pay ransoms as hackers might still make stolen data public regardless of any payment.
Fong urged all public and private institutions to regularly update their computer systems to fix vulnerabilities and enhance security.
Help safeguard press freedom & keep HKFP free for all readers by supporting our team
