Oxfam Hong Kong data leak watchdog rules charity violated privacy law South China Morning Post

pPrivacy commissioner says charity failed to take all practicable steps to ensure personal data protectionppThe local arm of international charity Oxfam violated the data protection law following a leak in July that potentially affected 550000 people Hong Kongs privacy watchdog ruled in an investigation report on ThursdayppThe Office of the Privacy Commissioner for Personal Data also revealed there had been a nearly 30 per cent yearonyear increase in breach notifications in 2024 It said the number of doxxing cases fell 42 per cent year on yearppThe privacy commissioner considered that Oxfam had not taken all practicable steps to ensure that the personal data involved was protected against unauthorised or accidental access processing erasure loss or use the office said in the investigation report about the leak in July last yearppThe report said Oxfam Hong Kong had contravened the Data Protection Principle DPP 41 of the Personal Data Privacy Ordinance concerning the security of personal datappThe threat actor deployed DarkHack ransomware in Oxfams information systems resulting in file encryption and data exfiltration A total of 37 servers and 24 workstations or notebook computers belonging to Oxfam were compromised it saidppPrivacy Commissioner Ada Chung Lailing said she had served an enforcement notice on Oxfam directing it to take measures to remedy the contravention and prevent recurrence of similar incidents in the futurep