Hong Kong watchdog slams sports club for sloppy cybersecurity ahead of data breach
South China Athletic Association failed to introduce effective security steps to prevent leak of 72,315 people’s data in March, watchdog says
Hong Kong’s privacy watchdog has found a prominent sports club had been in breach of data protection regulations in the run-up to a large-scale leak involving about 72,000 members’ personal information.
The Office of the Privacy Commissioner for Personal Data said on Tuesday that the South China Athletic Association (SCAA) had failed to take all practicable steps to protect members’ personal data before the breach occurred in March.
“The [SCAA]’s awareness of the need to protect the personal data of its members was weak. The association, as a long-established sports association holding a significant amount of personal data, should be vigilant about cybersecurity and data security,” Privacy Commissioner Ada Chung Lai-ling said.
“I am very disappointed that the association failed to implement effective information system security measures to safeguard members’ personal data prior to the incident.”
She said the club’s failure to undertake the necessary steps to protect members’ information was in violation of the Personal Data (Privacy) Ordinance.
On March 18 this year, the association notified the office that its servers had been attacked by ransomware and maliciously encrypted.
