‘Small portion’ of customer data accessed without authorisation in security breach at Hong Kong online shopping platform | South China Morning Post
HKTVmall’s parent company, HKTV, says it detected ‘abnormal and suspicious activities’ in its computer systems last month
There was no evidence of financial loss or misuse of customer data, HKTV says, adding it will take responsibility for any unauthorised purchases made as a result of the breach
Sammy Heung
Published: 6:47pm, 5 Feb, 2022
A HKTVmall outlet in Yau Tong. Photo: Dickson Lee
A security breach at one of Hong Kong’s largest online shopping platforms last month led to the unauthorised access of customer information such as delivery addresses, recipient names and contact numbers.
Hong Kong Technology Venture Company Limited (HKTV), HKTVmall’s parent company, said on Friday it had detected “abnormal and suspicious activities” in its computer systems on January 26 as servers located in other Asian regions gained unauthorised access to customer information on its delivery platform.
“A small portion of the 4.38 million registered customer information at HKTVmall was accessed,” it wrote in a statement.
Investigation of the breach at HKTVmall showed affected customer information could include passwords, recipient names and delivery addresses. Photo: Winson Wong
“HKTV has immediately contained the event and conducted a thorough investigation. It has since engaged one international and one local leading cybersecurity firm on January 27, 2022 to conduct investigation, and to further enhance HKTVmall’s robust network and system security measures in addition to the current 24-hour network security monitoring.”
It added that there was no evidence of financial loss or misuse of customer data, while credit card information and order details were untouched.
HKTVmall is one of the city’s most popular online retailers. In January, it handled nearly HK$700 million (US$89.9 million) worth of purchases, processing a daily average of about 47,400 orders.
Based on its investigation, HKTV concluded that the affected customer information might include names of account holders, encrypted and masked login passwords, email addresses, recipients’ names, delivery addresses and contact numbers for orders placed between December 2014 and September 2018.
The date of birth, recipients’ names and email addresses for HKTVmall accounts linked to Facebook accounts and Apple ID might also have been accessed.
HKTV promised it would take responsibility for any unauthorised purchases made as a result of the data breach.
Its vice-chairman and group CEO Ricky Wong Wai-kay apologised on behalf of the company.
“We hereby express our sincere apology to the affected customers,” he said.
“Upon discovery of such an incident, the group management, our technical department and the two cybersecurity firms made continuous efforts to investigate and strengthen system security, and will make full effort to prevent further attacks.”
The company said it had implemented measures to ensure network security and reduce vulnerabilities. It had launched a review to limit the amount of client data that would be collected and retained.
It also reported the breach to police and the Office of the Privacy Commissioner for Personal Data.
Francis Fong Po-kiu, honorary president of the Hong Kong Information Technology Federation, said although only a small portion of the information was involved, there might be tens of thousands of accounts based on the large number of customers using the platform.
“As the passwords are all encrypted, they probably will not be leaked,” he said.
“The biggest problem is that some hackers may pose as staff from other companies and call the affected customers. By stating the customers’ account names or personal information such as phone numbers and addresses, they may lure the customers into providing passwords or verification codes.”
He urged consumers to be vigilant about such calls or emails. Users should also consider changing the passwords of their accounts on the platform, Facebook or Apple ID and enabling two-step verification as a precaution, he added.