Companies Registry's Incident of Personal Data Being Leaked
On 19 Apr 2024, the Companies Registry (CR) had carried out an urgent maintenance due to the risk of personal data leakage identified in the e-Search Portal during routine work.
CR had completed the maintenance to block any risk of further leakage of personal data and completed the relevant investigation on 3 May 2024.
From the findings of the investigation, there were around 110,000 data subjects had been affected. The personal data involved including names, usual residential addresses, passport numbers, identity card numbers, phone numbers and e-mail addresses. CR said the data were leaked due to a fault in its digital platform. CR had notified the data subjects which were affected by the incident with explanations and apologies.
In order to prevent a recurrence of similar incidents, the Office of the Government Chief Information Officer and the Office of the Privacy Commissioner for Personal Data would conduct a comprehensive review and take additional measures to the security of personal data.
In addition to protect the personal date privacy, it is suggested to take the below measures: –
- Consider to change the password of online accounts regularly
- Consider to activate the multi-factor authentication function (if available)
- Be aware of any unusual log-in of personal accounts or e-mails
- Keep vigilant whenever receive any suspicious calls, text messages or emails from unknown sources, do not disclose personal data readily or arbitrarily open attachments
