The Registration and Electoral Office of Hong Kong has reported the disappearance of two laptop computers after the chief executive election. The laptops contained around 3.7 million city’s voters personal information that could be compromised after the one of the most significant, if not the biggest ever data breaches in Hong Kong.
The information that was stored on these devices also included the names of 1,200 electors on the Election Committee. These are the names of the people who selected Carrie Lam Cheng Yuet-ngor as Hong Kong’s chief executive this Sunday, reports South China Morning Post.
The theft of these two computers apparently happened in the room at the AsiaWorld-Expo on Lantau that was described as the election’s “fallback venue.”
The office has given the official statement concerning the disappearance of the laptops, and in this statement, they claimed that there is no information about any relevant data leaks so far and that the information contained on the laptops had been encrypted.
The situation has been reported to the police around 4.40pm on Monday, and so far it has been treated as theft. Even though the New Territories South regional crime unit is being investigated with possible suspicions concerning the crime, no one has been arrested so far.
A spokesman for the Office of the Privacy Commissioner for Personal Data said that “The case involves a huge amount of personal data. The office is going to launch a probe.”
The theft of the computers has also been reported to the Constitutional and Mainland Affairs. In this report, it was stated that the computers had been found missing since Monday afternoon. So far, there was no comment from the AsiaWorld Expo.
Fung Wai-wah, the Election Committee member, stated that there was no information about the existence of the backup center for the election.
The comment from another committee member, lawmaker Charles Mok, says that he found it “puzzling” that the data concerning the general voters was stored together with that of the committee members and gave his theory about why this happened. “Perhaps they didn’t put the voters’ data in a proper place after last year’s legislative elections and then the devices were used for the chief executive election,” he said.
A similar data breach was reported last September when a computer that belonged to the University of Hong Kong’s department of medicine was stolen from the Queen Mary Hospital. This time, a 3,675 patients’ personal information was stolen.
The Constitutional and Mainland Affairs Bureau stated that during the period from June 2013 to May 2016, there was a total of 253 notifications received concerning the data breach incidents and that personal data that was stolen included names, contact information, and personal identification numbers.
DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.