<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1678611822423757&amp;ev=PageView&amp;noscript=1">
Defrag This

| Read. Reflect. Reboot.

Hong Kong Broadband Network Exposes Data of 380,000 Customers

Jeff Edwards| April 20 2018

| security

hongkong

The personal data of 380,000 customers of Hong Kong Broadband Network (HKBN), has been hacked, according to a statement from the company.

HKBN, the city’s second largest fixed-line residential broadband provider, said that the data, which was in an inactive customer database with details on customer and service applicant records from 2012 was accessed by an “unauthorized person” on Monday.

Compromised information included names, email addresses, correspondence addresses, phone numbers, identity card numbers and some 43,000 credit card details.

"An Isolated Incident"

HKBN has claimed that it has taken severe measures to contain the breach, and to examine its systems for possible other data leaks.

Transfer Files to Amazon S3 Safely and Securely. Try a free trial of MOVEit  Automation today.

“Upon identifying the unauthorized access, the Group has immediately conducted a thorough internal investigation and engaged an external network security consultant to conduct a comprehensive check of all systems and servers,” the company said in an announcement.

So far, HKBN believes that this is “an isolated event” and that “it will not have any material impact on the Group’s business and operation.” That said, the leak of customer’s PII, including payment card info can do untold damage to brand reputation, and could possibly result in lawsuits.

Online Databases are a Common Attack Vector

Details on the attack vector were scarce, with HKBN vaguely telling local media that the attackers used “advanced skills” to access the database.

While we don't know the nature of the database accessed in this instance, misconfigured and unsecured online databases have become a common attack vector for bad actors in recent years. Amazon S3 buckets are a particularly popular target, as a misconfigured bucket is often accessible to anyone with a free Amazon account and the right URL.

Hong Kong’s Privacy Commissioner, Stephen Wong has said he will demand an explanation from HKBN over why inactive customer data was stored on an online server for years.

Topics: security

Leave a Reply

Your email address will not be published. Required fields are marked *

THIS POST WAS WRITTEN BY Jeff Edwards

Jeff Edwards is a tech writer and analyst with three years of experience covering Information Security and IT. Jeff has written on all things cybersecurity, from APTs to zero-days, and previously worked as a reporter covering Boston City Hall.

Free Trials

Getting started has never been easier. Download a trial today.

Download Free Trials

Contact Us

Let us know how we can help you. Focus on what matters. 

Send us a note

Subscribe to our Blog

Let’s stay in touch! Register to receive our blog updates.