Over 17,000 COVID-19 Test Data Leaked In Hong Kong; Government Under Investigation

By Thea Felicity

May 03, 2024 10:31 AM EDT

HK Begins Mass Testing Of All Residents — HONG KONG, CHINA - FEBRUARY 18: Residents wait in line at a makeshift COVID-19 testing station on February 18, 2022 in Hong Kong, China. The Hong Kong government is rolling out city-wide COVID-19 testing with support from mainland authorities.
(Photo : Anthony Kwan/Getty Images)

Hong Kong's privacy watchdog has launched an investigation into a "serious" data leak affecting approximately 17,000 residents amid the Covid-19 pandemic, according to South China Morning Post.

The leaked data primarily comprises information from residents residing in 14 public housing blocks subjected to restriction-testing declaration operations. The leak involves personal information collected during the pandemic, including names, telephone numbers, identity card numbers, and addresses of public housing tenants in Yan Ching, Oi Ming, and Kwong Wai.

The breach raises serious concerns about protecting personal data and the government's ability to protect sensitive information.

How The Covid-19 Tests Data Was Leaked

The breach, stemming from a system security failure, occurred during "restriction-testing declaration" operations conducted between March and July 2022, per The Standard.

These operations were part of the government's efforts to contain the spread of Covid-19 by testing residents of specific buildings. However, the breach has now exposed sensitive personal information of individuals who underwent testing during this period.

"We think the situation is serious. We will follow our procedures and commence an investigation," Privacy Commissioner for Personal Data Ada Chung Lai-ling, said.

In her statement, Chung urged the Electrical and Mechanical Services Department, responsible for the data breach, to take immediate action to notify all affected individuals.

The Electrical and Mechanical Services Department acknowledged the breach on Thursday after being notified by the privacy watchdog. According to the department, the data was stored on a designated online server intended for authorized personnel, but due to a system failure, it was accessible without a password login. However, the department assured us that the data, although browsable, was not downloadable and had been removed.

The department has reported the incident to the relevant authorities, including the police, the Office of the Government Chief Information Officer, and the Security Bureau.

Despite the breach, no evidence suggests that the leaked data has been published elsewhere.