07-07-2025
‘Scripting error' in Hong Kong's HK Express led to access to private information
HK Express, the budget carrier of Hong Kong's Cathay Pacific Airways, mistakenly directed a member to log into another customer's account due to a 'scripting error', enabling him to access the other's personal information including their birth date, according to the privacy watchdog's latest investigations.
Advertisement
The other seven data leak cases revealed on Monday by the Office of the Privacy Commissioner for Personal Data included one involving CJ Plus Insurance, which sent documents printed on recycled paper that contained resumes and copies of Hong Kong IDs.
'In the digital age, organisations have generally strengthened their awareness and capability in protecting personal data,' Privacy Commissioner Ada Chung Lai-ling said.
'While most [of the eight] cases affected relatively few individuals, these incidents serve as a reminder to the public that information security risks can arise from any work process.'
According to Chung, all eight incidents – including one concerning the government's Transport Department – involved negligence in following established procedures to prevent data leaks.
Advertisement
They were found to have contravened the requirements under the Personal Data (Privacy) Ordinance, such as by using personal data for a new purpose and not taking sufficient practical steps to prevent a data leak, according to the office.
