Hong Kong’s 3.7 Million Voters Exposed in Massive Breach

Hong Kong might just have experienced its biggest ever data breach after the personal details of the Special Administrative Region (SAR)’s 3.7 million voters were stolen on two laptops.

The details are said to have included ID card numbers, addresses and mobile phone numbers. They were stored on two laptops in a locked room at the AsiaWorld-Expo conference center near the airport.

The center is said to be the “back-up venue” for the region’s chief executive elections, which took place recently. The Registration and Electoral Office has reported the theft to police and told the South China Morning Post that the details of voters were encrypted, although it’s unclear how strong that encryption is.

It’s also unclear why the details of 3.7m voters were stored on the laptops when only an Election Committee of 1194 specially chosen business and political leaders is allowed to pick Hong Kong’s CEO.

The SAR’s privacy watchdog said in a statement that it is launching an investigation into the matter.

Over a three-year period from 2013 to 2016, the privacy commissioner’s office is said to have received 253 data breach notifications.

Eduard Meelhuysen, EMEA boss at Bitglass, argued that public sector breaches stand out as particularly concerning. "Whether it’s the NHS or the Hong Kong Registration and Electoral Office, these organisations need to remember their duty of care, not to mention legal obligations, to protect citizens' and employees' data,” he said.

“This means not only keeping sensitive data encrypted, but also controlling where it goes using tools like access control and data leakage prevention. Is it really a business necessity to store the information of millions of citizens on a laptop?"

Infosecurity

Nation State Hacking Has A Big Commercial Impact:

Big Data Analysis – Now Used For Politics…:

 

« WikiLeaks Dump Shines Light On US Intelligence’s Zero-Day Policy
Hackers Threaten To Attack Israel's Cyber Infrastructure »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Identiv

Identiv

Identiv is a global security technology company that establishes trust in the connected world, including premises, information and everyday items.

AML Solutions

AML Solutions

AML Solutions offer a full range of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) services.

Tinfoil Security

Tinfoil Security

Tinfoil is a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily.

Dispersive Networks

Dispersive Networks

Dispersive Virtual Network is a carrier-grade software-defined programmable network that is inspired by battlefield-proven wireless radio techniques.

Trustlook

Trustlook

Trustlook's SECUREai engine delivers the performance and scalability needed to provide total threat protection against malware and other forms of attack.

Me Learning

Me Learning

Me Learning provides engaging, informative and clearly explained learning materials for complex and challenging professional environments in areas including GDPR and Information Governance.

Spanish Network of Excellence on Cybersecurity Research (RENIC)

Spanish Network of Excellence on Cybersecurity Research (RENIC)

RENIC is a membership based sectoral association that includes research centers and other agents of the research cybersecurity ecosystem in Spain.

OpenZeppelin

OpenZeppelin

OpenZeppelin builds developer tools and performs security audits for distributed systems that power multimillion-dollar economies.

Global EPIC

Global EPIC

Global EPIC is an international cybersecurity initiative designed to combat growing world challenges by facilitating global collaboration in the field of cyber security.

Fend

Fend

Fend secures smart infrastructure. We provide a robust, highly secure way to have situational awareness of IoT enabled assets.

AlJammaz Technologies

AlJammaz Technologies

AlJammaz Technologies is the leading Technology Value-Added Distributor, which distributes advanced technology products, solutions and services in area including networking and cybersecurity.

Rimini Street

Rimini Street

Rimini Street is a global provider of enterprise software support products and services, and the leading third-party support provider for Oracle and SAP software products.

Mirai Security

Mirai Security

Mirai Security are a cyber security company that specializes in Governance, Risk Management and Compliance, Cloud Security and Application Security.

BluSapphire

BluSapphire

BluSapphire is an industry-first, purpose-built, cloud-native, Hybrid XDR platform powered by AI and big data analytics.

Robosoft Technologies

Robosoft Technologies

Robosoft Technologies is a full-service digital transformation partner. We provide end-to-end digital transformation services in areas including cybersecurity.

Cyabra

Cyabra

Cyabra is leading the fight against disinformation. Our AI shields companies and the public sector by uncovering malicious actors, bot networks, and GenAI content.