Hackers have accessed an inactive Hong Kong Broadband Network database containing the personal information of some 380,000 customers, including details of 43,000 credit cards, the internet service provider has announced.
In a statement on its website, HKBN, the city’s second biggest fixed-line residential broadband provider, said it discovered on Monday there had been “unauthorized access” to an “inactive customer database” holding customer data as of 2012.
It includes 380,000 customer and service applicant records of HKBN fixed and IDD services, which represented about 11 percent of the company’s 3.6 million records.
Information in the database includes names, email addresses, correspondence addresses, telephone numbers, identity card numbers and information on some 43,000 credit cards, the statement said.
HKBN said it was “not aware” of any other databases that had been affected.
It added the matter had been reported to police, referred to the Privacy Commissioner for Personal Data, and an internal investigation had been launched.
Affected customers would also be notified, it said.
“We are continuing the investigation to identify the cause of the unauthorized, and will spare no effort in the combat against such illegal act, implementing rigorous measures to prevent similar incidents from happening again,” the statement read.
“We would also like to take this opportunity to apologise to our affected customers.”
“The data protection principle under the privacy laws in Hong Kong do state very clearly that for personal information that’s being kept by the data user — that is the company — you have to make sure that you don’t keep this information longer than what is necessary,” Mok said.