EMSD follows up on system security incident of online server platform
A spokesman for the Electrical and Mechanical Services Department (EMSD) said today (May 2) that the department is following up on a system security incident of an online server platform, which involved data collected by the EMSD in "restriction-testing declaration" (RTD) operations conducted between March and July of 2022 in combating COVID-19.
Data stored on the designated online server platform include names, telephone numbers, identity card numbers and addresses of about 17 000 members of the public at 14 buildings which are listed at Annex. The data were only accessible to authorised personnel by logging in with a password.
On the evening of April 30, the EMSD was notified by the Office of the Privacy Commissioner for Personal Data that according to a public report, the data concerned could be browsed on the server platform. The EMSD immediately checked and found that the password login system failed. The data could be browsed without entering any password but they were not downloadable. Upon EMSD's request, the service provider of the online server platform removed the data from the platform that evening (April 30). The EMSD has reported the incident to the Police, the Office of the Government Chief Information Officer and the Security Bureau.
The EMSD expresses sincere apologies for the incident. Although there is no evidence that relevant data have been published so far, the EMSD will notify relevant households by mailing to flats of the buildings involved. In case of suspicious circumstances, they should report to the Police as soon as possible. For enquiries, please call the EMSD's hotline at 2333 3762.