Privacy Watchdog Blasts South China Athletic Association Over Data Breach

Paige Henley, Editor
Published on: October 25, 2024

Hong Kong’s privacy watchdog has criticized the South China Athletic Association (SCAA) for poor cybersecurity practices following a data breach in March 2024 that exposed the personal information of 72,315 individuals.

The Office of the Privacy Commissioner for Personal Data (PCPD) stated that the sports club failed to implement effective security measures, which left sensitive data, including Hong Kong ID numbers, phone numbers, addresses, and photos, vulnerable to cyberattacks.

“I am very disappointed that the association failed to implement effective information system security measures to safeguard members’ personal data prior to the incident,” said Privacy Commissioner Ada Chung Lai-ling.

The breach occurred when unauthorized access to the SCAA’s computer servers allowed hackers to potentially steal members’ information. The affected data subjects were primarily club members whose personal details were stored on the association’s systems.

Following the attack, the SCAA took immediate action by shutting down the compromised servers and collaborating with cybersecurity experts to assess and repair the damage. However, the association’s response has drawn criticism for not adequately protecting members’ information in the first place:

  • Major Security Deficiency: The server was accidentally exposed to the internet, significantly increasing the risk of a cyberattack.
  • Lack of Detection Measures: The association had no effective system for detecting malicious activities, allowing the hacker to infiltrate the network for over two years.
  • Failed Intrusion Lockout: The hacker made over 43,400 login attempts on an administrator account, with 20,000 attempts recorded within a four-hour window. The association had not enabled the lockout function for repeated failed login attempts.
  • Absence of Security Policies: The club lacked multi-factor authentication for administrator accounts, had no information security policies, and failed to conduct regular risk assessments or security audits.
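The lockout control that the third finding says was not enabled, as an added example (not code from the PCPD's findings or the SCAA's systems): a sliding-window lockout policy replayed against constructed failed logins at the reported rate of 20,000 attempts in four hours. The thresholds (5 failures in 15 minutes, 30-minute lock) and the `admin` account name are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values (not from the PCPD findings): 5 failures in 15 minutes
# locks the account for 30 minutes.
MAX_FAILURES = 5
WINDOW = timedelta(minutes=15)
LOCKOUT = timedelta(minutes=30)


class LockoutPolicy:
    """Sliding-window failed-login counter with temporary account lockout."""

    def __init__(self):
        self.failures = defaultdict(deque)   # account -> timestamps of recent failures
        self.locked_until = {}               # account -> time the lock expires
        self.alerts = []                     # (time, account) for each lockout raised

    def record_failure(self, account, when):
        """Return True if the attempt reached the password check, False if refused by lockout."""
        if self.locked_until.get(account, when) > when:
            return False
        recent = self.failures[account]
        recent.append(when)
        while recent and when - recent[0] > WINDOW:
            recent.popleft()                 # drop failures older than the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = when + LOCKOUT
            self.alerts.append((when, account))
            recent.clear()
        return True


def replay(attempts, span, account="admin"):
    """Replay `attempts` evenly spaced failures over `span`; return (evaluated, refused, alerts)."""
    policy = LockoutPolicy()
    start = datetime(2024, 1, 1)             # constructed start time
    step = span / attempts
    evaluated = sum(policy.record_failure(account, start + i * step) for i in range(attempts))
    return evaluated, attempts - evaluated, len(policy.alerts)


if __name__ == "__main__":
    # Constructed traffic at the rate in the finding: 20,000 failures in four hours.
    evaluated, refused, alerts = replay(20_000, timedelta(hours=4))
    print(f"evaluated={evaluated} refused={refused} lockout_alerts={alerts}")
```

Under these assumed thresholds only 40 of the 20,000 attempts reach the password check, and each of the 8 lockouts is an event a monitoring system could alert on.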

The Privacy Commissioner emphasized the need for much more stringent cybersecurity policies, citing the growing trend of hackers targeting corporations with large amounts of personal data.

About the Author

Paige Henley is an editor at SafetyDetectives. She has three years of experience writing and editing various cybersecurity articles and blog posts about VPNs, antivirus software, and other data protection tools. As a freelancer, Paige enjoys working in a variety of content niches and is always expanding her knowledge base. When she isn't working as a "Safety Detective", she raises orphaned neonatal kittens, works on DIY projects around the house, and enjoys movie marathons on weekends with her husband and three cats.
