Suspected intrusion into Central Registry for Rehabilitation information management system detected


     The Labour and Welfare Bureau today (January 1) reported that the Central Registry for Rehabilitation information management system was suspected to have been intruded and its computer servers have been suspended from operation.


     The Bureau discovered yesterday (December 31, 2021) that the servers of the above system might have been hacked into for carrying out suspected activities. The servers in question held around 190 000 records (including some duplicate ones), involving personal data of applicants for “Registration Card for People with Disabilities”, including name, Hong Kong Identity Card number, date of birth, address and types of disability. The Bureau is undertaking further investigations to ascertain if information in the system have been accessed or hacked so as to take appropriate follow-up actions.

     A spokesman for the Labour and Welfare Bureau said, “We take the incident very seriously and apologise for any concern or inconvenience arising from the suspected hacking. We have reported the case to the Police, the Office of the Privacy Commissioner for Personal Data and the Office of the Government Chief Information Officer, and are providing full assistance to their investigations. In parallel, the Bureau will further step up system security as well as the protection of personal data and privacy to prevent similar occurrence in future. We will inform the affected data subjects as soon as practicable to remind them to stay alert to unknown or suspicious correspondence.”

     Should holders of the “Registration Card for People with Disabilities” or their parents/legal guardians have any enquiry, they may contact the Labour and Welfare Bureau by email ( or by phone (2180 9384) during office hours.