Privacy watchdog: Yau Yat Chuen Garden City Club breach exposes 9,000+ members' data
發佈日期: 2026-04-23 20:09
TVB News
Last year, a private club in an upscale residential area in Kowloon was found to have leaked the personal data of more than 9,000 members.
Now, the city's privacy watchdog has completed its probes, ruling the club has violated the Privacy Ordinance.
Yau Yat Chuen Garden Club in Kowloon Tong saw its computer server hit by ransomware in October last year, rendering it inoperable.
Personal data of 9,045 current and former members was leaked, including ID numbers, contact phone numbers, and addresses.
The Office of the Privacy Commissioner for Personal Data identified five major issues following investigations.
They include the use of outdated remote access software with known security vulnerabilities to connect to the affected server, lack of user authentication measures, use of outdated antivirus software and firewalls, and excessive retention of member data.
Some data had been stored for over seven years with a lack of organisational data security measures.
Assistant Privacy Commissioner for Personal Data, PCPD ALEX CHAN: "The vulnerability enabled the threat actors to compromise the account credentials used by the service provider to access the software. This was further facilitated by the servers being left in a logged-in state without the implementation of additional authentications control."
The privacy watchdog rules that the club breached the Privacy Ordinance and ordered it to take remedial actions.
The Office also warns databases holding a large cache of complete and continuously updated personal data are often targets for cyberattacks. They remind that organisations can use strong passwords, multi-factor authentication, VPNs for remote access and provide more rigorous training for staff.
