Hong Kong Broadband Network, one of Hong Kong’s major internet service providers, has said an inactive customer database had been accessed by an unauthorised person on Monday. The data contained 380,000 customer and service applicant records as they stood in 2012.
The records related to the group’s fixed line and international calling services as of 2012, representing about 11 per cent of the company’s 3.6 million customer records. The information included names, email addresses, correspondence addresses, telephone numbers, identity card numbers and some 43,000 credit card details.
“Upon identifying the unauthorized access, the Group has immediately conducted a thorough internal investigation and engaged an external network security consultant to conduct a comprehensive check of all systems and servers,” the listed company said in an announcement.
It said it has implemented immediate measures to prevent further similar attacks and does not know of any issues with other databases.
“The Company believes that this is an isolated event and it will not have any material impact on the Group’s business and operation.”
It said it took the matter very seriously and reported the incident to the police on Tuesday. It also said it will inform the affected customers and notify the Privacy Commissioner for Personal Data accordingly.
“The Group will fully cooperate with relevant authorities in the process and will spare no effort in the combat against such illegal act[s],” it added.
HKBN told local media that the server was attacked by “advanced skills.”
Privacy Commissioner Stephen Wong said he will demand an explanation from HKBN over why the data were kept online so long in the server, even it was inactive.
Over the past few months, there have been several blackmail schemes targeting travel agencies as hackers sought to steal customer information.