A ransomware attack encrypted files in Yau Yat Chuen Garden City Club’s customer management system, affecting more than 9,000 current and former members. The Privacy Commission found multiple security weaknesses and issued an enforcement notice while the club has begun remedial measures and disabled the vulnerable remote-access software. #YauYatChuenGardenCityClub #RemoteAccessSoftware
Keypoints
- Ransomware encrypted server files in the club’s customer management system, affecting over 9,000 individuals.
- Compromised data included full names, identity card and passport numbers, dates of birth, emails, phone numbers and addresses.
- The breach exploited outdated remote-access software, missing authentication, and weak antivirus and firewall protections.
- The club retained former members’ personal data for seven years, longer than necessary, breaching privacy requirements.
- An enforcement notice required remedial actions; the club updated software, encrypted stored data, and tightened remote access controls.
Read More: https://news.rthk.hk/rthk/en/component/k2/1852161-20260423.htm