[BreachExchange] The personal data of all of Hong Kong's 3.7 million registered voters have been stolen

Audrey McNeil audrey at riskbasedsecurity.com
Tue Mar 28 18:57:24 EDT 2017 

http://mashable.com/2017/03/28/hong-kong-voter-data-stolen/

Two laptops containing personal information of Hong Kong's 3.7 million
registered voters have been stolen.

The laptops were reported missing by Hong Kong's electoral office, in what
could be the city's largest data breach.

They were reportedly stolen from a locked room on Lantau Island, off the
main Hong Kong island. The room was a designated backup venue for the chief
executive elections held over the weekend.

The stolen data included names, addresses and identity card numbers of
voters, the office said in a statement.

The data was encrypted, so it'll be a lot harder — albeit not impossible —
for information to be leaked, the South China Morning Post reports.

Hong Kong's privacy commissioner for personal data said in a statement that
it had been notified of what happened, and added that it will launch a
"routine probe" into the issue. Police also said that they are treating the
case as theft, but no arrests have been made so far.

The data breach has drawn sharp criticism from lawmakers and Hong Kong
citizens. "This is unacceptable," Charles Mok, a lawmaker representing the
city's IT sector, wrote on Facebook. "There's no reason why the data was
stored on computers that could have been stolen; they could have encrypted
it on the cloud."

While the city has 3.7 million registered voters, only 1,194 votes were
eligible to be cast on Sunday.

Since Hong Kong's separation from British rule in 1997, the city has
designated a pre-selected group of voters from its business and political
establishment to represent the population.

A Reddit user pointed this out too, asking: "Why did they need to store the
full register [for the chief executive election] instead of just the list
of 1,194 'election' committee members?"

The city's residents also responded with trademark sarcasm:

Adam Lee says: "Wow, it's true what they say, that WeConnect." (WeConnect
refers to Carrie Lam's winning campaign slogan.)

"Try asking the people at Sai Wan (where Beijing's liaison office with Hong
Kong is located), you could probably find it there."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170328/3c90003e/attachment.html>

More information about the BreachExchange mailing list