Hongkong Post updates on the information security incident
**********************************************************
Hongkong Post announced today (July 22) on the investigation result so far of the information security incident identified on July 21. According to the investigation, the unauthorised party had cyberattacked the system by making countless attempts at the mid-night of July 20 and the following day to access and retrieve information through the address book function of EC-Ship system. Hongkong Post had activated the blocking mechanism immediately after the abnormal activities being detected by its system and disabled the operation of the EC-Ship account which was involved in the cyberattacks at once. During the above-mentioned blockage and interception of these cyberattacks, the concerned accounts’ address books information, including the senders’ and recipients’ person/company names, addresses, and/or phone numbers, fax numbers, and email addresses, was being accessed and retrieved.
Hongkong Post has sent emails to inform all affected account holders today and reminded them to remain vigilant, and to immediately inform relevant persons of their address books about this incident and remind them to be vigilant. The Hong Kong Police Force (HKPF) has initiated investigation into the incident and Hongkong Post will fully cooperate with the HKPF in the investigation, and will closely monitor the situation of the involved information.
Hongkong Post has been following established Government procedures on information and cybersecurity. The Digital Policy Office (DPO) is also in close communication with Hongkong Post on the incident, noting that it has taken immediate actions by promptly blocking the cyberattacks and enhancing the security measures of the system. The services concerned have resumed normal and account holders involved can continue to use the services.
The spokesman for Hongkong Post said that the global cybersecurity landscape was evolving, with various forms of cyberattacks emerging continuously. Hongkong Post would actively seek advice from the DPO to continuously enhance the cyber resilience level and cybersecurity risk management, to safeguard the information security of users and to prevent similar incidents from happening again.
Hongkong Post reiterates that it will not send embedded hyperlinks via emails, SMS messages or social media pages for collecting personal information or requesting for payment. Hongkong Post wishes to alert members of the public again to refrain from clicking on any embedded links or providing any personal or financial information such as credit card information, or making any payment to suspicious emails or SMS messages alleged to be sent by Hongkong Post. For enquiries, members of the public may call the Hongkong Post General Enquiry Hotline at 2921 2222.