Hong Kong Personal Data Privacy Commissioner's Office (referred to as the Privacy Commissioner's Office) on Tuesday (April 2) issued a survey report on Hong Kong Digital Port Management Co., Ltd. (referred to as digital port) data.It is caused by five missing.
Comprehensive Ming Pao and online media "Hong Kong 01" and other reports, the digital port discovered that the system was invaded by the hacker organization last August and stole more than 13,000 people.Dark web, causing data leakage.Related information exceeds 400GB, including the name, ID number, passport number, bank account information, etc.
According to the investigation of network security experts, the cause of the accident was that the hacker obtained an account voucher with a digital port with administrator permissions, and entered the internal network through the remote desktop connection.13 Windows systems and two virtual servers of Digital port are invaded.
The Privacy Commissioner's Office said that the above accidents spread to 13,632, of which about 40 % became job seekers and resigned employees (5292).
The report of the Privacy Commissioner reports the five lacks of the accident, that is, the information system of the digital port lacks effective detection measures; second, the multiple certification functions are not enabled for remote access data,Use the user identity of the authorized remote login to the digital port network; 3. The security audit of the information system is insufficient, and the last audit distance before the incident has exceeded 19 months.The risk of changes and network security; 4. Failure to allow employees to have a specific network security framework to follow; 5. Delete the collected personal data collected after the reserved period expires according to the reserved period.