Hongkong Post falls prey to cyber attack

Hongkong Post has been hit by a cyber attack, leading to the unauthorised disclosure of names, addresses, and phone numbers of senders and recipients using the EC-Ship (投寄易) service.

This follows Hongkong Post’s identification of an information security incident on Monday (21 July). A day after, it reported the preliminary investigation results, stating that an unauthorised party had cyberattacked the system by making countless attempts at midnight on 20 July and the following day to access and retrieve information through the address book function of EC-Ship system. 

After detecting abnormal activities, Hongkong Post activated its blocking mechanism immediately, disabling the EC-Ship account involved in the cyberattacks. During this blockage, the address book information of the affected accounts, including senders' and recipients' names, addresses, phone numbers, fax numbers, and email addresses, was accessed and retrieved.

Furthermore, the Hong Kong Police Force (HKPF) has initiated an investigation into the incident. The Digital Policy Office (DPO) is also in close communication with Hongkong Post on the incident, noting that it has taken immediate actions by promptly blocking the cyberattacks and enhancing the security measures of the system. The services concerned have resumed normal and account holders involved can continue to use the services.

Hongkong Post said will fully cooperate with the HKPF and closely monitor the situation regarding the involved information. It has sent emails to inform all affected account holders today and reminded them to remain vigilant, and to immediately inform relevant persons of their address books about this incident and remind them to be vigilant.

The spokesman for Hongkong Post said that the global cybersecurity landscape was evolving, with various forms of cyberattacks emerging continuously. Hongkong Post will actively seek advice from the DPO to continuously enhance the cyber resilience level and cybersecurity risk management, to safeguard the information security of users and to prevent similar incidents from happening again.

Hongkong Post has reiterated that it will not send embedded hyperlinks via emails, SMS messages or social media pages for collecting personal information or requesting payment. Hongkong Post wishes to alert members of the public again to refrain from clicking on any embedded links or providing any personal or financial information such as credit card information, or making any payment to suspicious emails or SMS messages alleged to be sent by Hongkong Post.

(Photo courtesy: Link's website)

Related articles:

HK privacy watchdog opens probe into Louis Vuitton HK's data breach
Dior apologises over unauthorised China data leak
InvestHK opens probe into potential data leak following ransomware attack