20 May 2019
Hong Kong Broadband Network CEO William Yeung has apologized to all affected customers. Photo: HKEJ
Hong Kong Broadband Network CEO William Yeung has apologized to all affected customers. Photo: HKEJ

Police launch probe after HKBN customer data hacked

Police have launched an investigation after Hong Kong Broadband Network (HKBN) found that one of its servers containing customer data has been hacked.

In a statement issued on Wednesday, HKBN, the city’s second-largest fixed-line residential broadband operator, said it discovered an unauthorized access to an inactive customer database on Monday.

The company said it is conducting a thorough internal investigation and has tapped an external network security consultant to undertake a comprehensive check of all systems and servers, the Hong Kong Economic Journal reports.

The company, which reported the incident to the police on Tuesday, promised to inform the affected customers immediately and fully cooperate with the police investigation.

A police spokesperson said its Cyber Security and Technology Crime Bureau has been following up on the case.

The Privacy Commissioner for Personal Data Stephen Wong Kai-yi confirmed that his office has received a notice from HKBN and is highly concerned about the suspected intrusion into the company’s customer database.

The hacking incident involved a large number of customers and their personal information, Wong said, adding that the office has taken the initiative to launch an investigation.

According to HKBN, initial investigation showed that the hacked database contains information of about 380,000 customer and service applicant records of the company’s fixed and IDD services as of 2012, representing around 11 percent of its 3.6 million customer records.

The hacked information includes names, email address, correspondence addresses, telephone numbers, identity card numbers and about 43,000 credit card information.

HKBN said the company saves former customers’ information in its backend database for seven years before it is deleted.

The company said it has immediately implemented measures to prevent similar attacks in the future. But it believes the hacking incident was isolated and would not have any material impact on its business and operation.

In response to media inquiries, the company’s chief executive William Yeung Chu-kwong apologized to all affected people, saying it was the first time that the company encountered a suspected hacking incident.

The company’s internal management team and the external network security consultant hired by the company believe the hackers had used state-of-the-art technology, Yeung said, adding that HKBN has not been approached by any suspected hacker so far.

Asked if HKBN will compensate customers who suffered losses as a result of the incident, although they would be considered on a case-by-case basis.

An expert from the Professional Information Security Association suspected the hackers might have used a sophisticated computer hacking technique named “advanced persistent threat” (APT), which normally involves a high degree of covertness over a long period of time and uses the e-mail system as an entry point.

– Contact us at [email protected]


EJI Weekly Newsletter

Please click here to unsubscribe