Invest Hong Kong reports information security incident
******************************************************
Invest Hong Kong (InvestHK) announced today (February 23) that an information security incident was identified yesterday (February 22). The incident involved a malicious ransomware attack to part of InvestHK’s computer systems.
A spokesman for InvestHK said that upon identification of the incident, the department has taken immediate measures to further tighten its IT security systems to prevent further ransomware attacks. It has also followed established guidelines and procedures and reported the case to the Police, the Digital Policy Office (DPO), the Office of the Privacy Commissioner for Personal Data and the Security Bureau respectively on the same day. InvestHK condemns such malicious attacks and has already updated relevant access rights, isolated the affected systems, and activated back-up procedures.
InvestHK is working closely with the Police on the investigation. Preliminary findings indicated that the affected areas included an internal Customer Relationship Management (CRM) system, intranet and part of InvestHK’s website operations, such as the function to contact InvestHK via the website form and events updates. InvestHK’s public services remain normal. Members of the public can continue to contact staff of InvestHK through telephone, email or face-to-face meetings.
Investigation is still underway to ascertain whether any personal data leakage is involved. Although this is an ongoing investigation, based on preliminary assessment, this could potentially include basic information on InvestHK’s clients, such as the companies’ contact information, and records of InvestHK staff. InvestHK will inform relevant parties if and when further updates are available.
The spokesman stressed that the department has been following Government procedures on information and cybersecurity. To further strengthen its system security measures, it is currently seeking advice from the DPO and has appointed experts to assist with the investigation and recovery. The department hoped the culprits can be brought to justice as soon as possible so as to safeguard information and cybersecurity.
The spokesman reiterated that InvestHK would not send embedded hyperlinks via emails, SMS messages or social media pages for collecting personal information or requesting for payment. It urges members of the public to stay alert and to refrain from clicking on any embedded links or providing any personal or financial information such as credit card information, or making any payment to suspicious emails or SMS messages. For enquiries, members of the public may call InvestHK General Enquiry Hotline at 3107 1000 or email enq@investhk.gov.hk.