Companies Registry’s e-services maintained after earlier incident of personal data leakage

The Companies Registry (CR) has announced the completion of urgent maintenance on its e-Services Portal to prevent any further leakage of personal data. Following a thorough investigation, it was discovered that the contractor’s system design had inadvertently caused the transmission of additional personal data to the client’s computer. Although this data was not visible on the search result pages, it could be accessed using a web developer tool or through robotic searches. The same issue was also identified in the electronic submission of notices related to third parties appointed by licensed money lenders. Approximately 110,000 individuals have been affected by this incident, with their personal data including names, passport numbers, identity card numbers, residential addresses, telephone numbers, and email addresses being compromised. The CR has commenced the process of notifying the affected data subjects in batches, providing explanations and apologies for the breach. Recognizing the seriousness of the situation, the CR is collaborating with the Office of the Privacy Commissioner for Personal Data and the Office of the Government Chief Information Officer to conduct a comprehensive review of the incident. They aim to implement enhanced measures for personal data protection to prevent similar incidents from occurring in the future. Resources: https://www.cr.gov.hk/en/publications/news-press/press/20240503.htm