The personal data of 380,000 customers of Hong Kong Broadband Network (HKBN), has been hacked, according to a statement from the company.
HKBN, the city’s second largest fixed-line residential broadband provider, said that the data, which was in an inactive customer database with details on customer and service applicant records from 2012 was accessed by an “unauthorized person” on Monday.
Compromised information included names, email addresses, correspondence addresses, phone numbers, identity card numbers and some 43,000 credit card details.
HKBN has claimed that it has taken severe measures to contain the breach, and to examine its systems for possible other data leaks.
“Upon identifying the unauthorized access, the Group has immediately conducted a thorough internal investigation and engaged an external network security consultant to conduct a comprehensive check of all systems and servers,” the company said in an announcement.
So far, HKBN believes that this is “an isolated event” and that “it will not have any material impact on the Group’s business and operation.” That said, the leak of customer’s PII, including payment card info can do untold damage to brand reputation, and could possibly result in lawsuits.
Details on the attack vector were scarce, with HKBN vaguely telling local media that the attackers used “advanced skills” to access the database.
While we don't know the nature of the database accessed in this instance, misconfigured and unsecured online databases have become a common attack vector for bad actors in recent years. Amazon S3 buckets are a particularly popular target, as a misconfigured bucket is often accessible to anyone with a free Amazon account and the right URL.
Hong Kong’s Privacy Commissioner, Stephen Wong has said he will demand an explanation from HKBN over why inactive customer data was stored on an online server for years.
Jeff Edwards is a tech writer and analyst with three years of experience covering Information Security and IT. Jeff has written on all things cybersecurity, from APTs to zero-days, and previously worked as a reporter covering Boston City Hall.
Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.Learn More
Subscribe to get all the news, info and tutorials you need to build better business apps and sites
You can also ask us not to share your Personal Information to third parties here: Do Not Sell or Share My Info
We see that you have already chosen to receive marketing materials from us. If you wish to change this at any time you may do so by clicking here.
Thank you for your continued interest in Progress. Based on either your previous activity on our websites or our ongoing relationship, we will keep you updated on our products, solutions, services, company news and events. If you decide that you want to be removed from our mailing lists at any time, you can change your contact preferences by clicking here.