Date
17 October 2018
People having registered accounts with public libraries, which are managed by the Leisure and Cultural Services Department, have been advised to change their preset passwords following a suspected data breach. Photo: Now News video
People having registered accounts with public libraries, which are managed by the Leisure and Cultural Services Department, have been advised to change their preset passwords following a suspected data breach. Photo: Now News video

Public library users warned of possible data breach

A former female staffer of an outsourced service contractor of Hong Kong Public Libraries (HKPL) is believed to have illegally accessed the online accounts of registered users of the city’s public libraries.

The suspect, who resigned before she was placed under arrest, had been responsible for handling returned library materials from readers at Tseung Kwan O Public Library, according to the Leisure and Cultural Services Department (LCSD), which manages Hong Kong’s public libraries.

The woman gained access to users’ online accounts without authorization, the department said on Wednesday, hk01.com reports.

According to a spokesman for the department, the HKPL launched an investigation after receiving enquiries from registered users about unsuccessful attempts to log into their online accounts.

The probe by the HKPL determined that there were at least 129 users whose accounts had been improperly accessed. 

The woman was suspected to have logged into the accounts of the users, and then reported those users’ library cards as lost or changed their passwords. 

Police arrested the suspect after receiving a report from the LCSD, which also informed the Office of the Privacy Commissioner for Personal Data.

According to reports, the arrest took place on May 24.

The LCSD has contacted 86 of the affected users.

Apologizing to the affected users, the LCSD spokesman said the department will fully assist in the police investigation and that it has set up a task force led by an assistant director to fully review the security measures.

Among the aspects that will be examined is management of HKPL registered users’ personal data, and enhancing the monitoring mechanism on HKPL outsourced service contractors’ performance to prevent similar incidents from happening again.

The spokesman, meanwhile, urged HKPL registered users to change the preset passwords of their online accounts as soon as possible, if they have never done so, to protect their personal data.

HKPL registered users can call the LCSD hotlines, 2601 8218 and 2601 7348, during office hours for enquiries.

– Contact us at [email protected]

TL/JC/RC

EJI Weekly Newsletter

Please click here to unsubscribe