Following the news about a data breach in Hong Kong, where two laptops containing the details of 37 million voters have been stolen. Some are saying this could be the city’s largest data breach. IT security experts from Security Consultancy, Derivative Technology and Bitglass commented below.
Efe Orhun, Managing Partner & CISSP at Derivative Technology:
“Given that Election Committee members didn’t know there was a backup centre it’s likely the culprit is potentially an insider familiar with the election’s fallback planning . If this was an insider job, it’s unclear whether the data encryption will be any use because if the culprits are familiar with the fallback procedures, they are likely also familiar with how to access the laptops. And besides, if it was government sponsored, full disc encryption may not be an obstacle either.
While there appears to be some data compartmentalization issues in keeping Election Committee member data with the general voter data, the more important thing to look for is targeted phishing of Election Committee members and follow up attacks. It’s likely this was a recon for something bigger.”
Eduard Meelhuysen, Head of EMEA at Bitglass:
“Of all the data breaches in the headlines, it’s the public sector stories that are the most alarming. Whether it’s the NHS or the Hong Kong Registration and Electoral Office, these organisations need to remember their duty of care, not to mention legal obligations, to protect citizens’ and employees’ data. This means not only keeping sensitive data encrypted, but also controlling where it goes using tools like access control and data leakage prevention. Is it really a business necessity to store the information of millions of citizens on a laptop that’s being taken to a tradeshow?”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…