IT security incident detected
The Fire Services Department said today that it has discovered a potential personal data leakage incident on one of its IT systems. It added that there is no evidence of data having been released.
The contractor responsible for the system was asked to immediately suspend it and had its access rights to the system withdrawn.
A preliminary investigation discovered that the incident occurred when the contractor handled a data migration procedure. The access rights to the data were found to have been altered without authorisation, posing a potential risk of data leakage.
The data includes the surnames and telephone numbers of approximately 480 members of the public who reported tree collapse incidents during Super Typhoon Saola on September 2, 2023.
It also includes personal information relating to about 5,000 department staff, including their names, telephone numbers, ranks, numbers, and postings. The incomplete identity card numbers of 960 of these individuals are also involved.
On discovering the incident the department liaised with the abovementioned contractor, requesting immediate suspension of the system and all of its contract jobs.
The department, together with the contractor, is conducting a comprehensive review and stepping up protective measures to prevent similar incidents. It has also reported the incident to Police, the Security Bureau, the Office of the Privacy Commissioner for Personal Data and the Office of the Government Chief Information Officer.
The Fire Services Department expressed its sincere apologies over the incident. It has notified the affected members of the public through SMS and phone calls. They should report any suspicious circumstances to Police as soon as possible,
For enquiries, call 2723 8787 or email hkfsdenq@hkfsd.gov.hk.