Following the news about a data breach in Hong Kong, in which two laptops containing the details of 37 million voters were stolen, some are saying this could be the city’s largest data breach. IT security experts from Security Consultancy, Derivative Technology and Bitglass commented below.
“Given that Election Committee members didn’t know there was a backup centre, it’s likely the culprit is potentially an insider familiar with the election’s fallback planning. If this was an insider job, it’s unclear whether the data encryption will be any use because if the culprits are familiar with the fallback procedures, they are likely also familiar with how to access the laptops. And besides, if it was government sponsored, full disc encryption may not be an obstacle either.
While there appear to be some data compartmentalization issues in keeping Election Committee member data with the general voter data, the more important thing to look for is targeted phishing of Election Committee members and follow-up attacks. It’s likely this was a recon for something bigger.”
Eduard Meelhuysen, Head of EMEA at Bitglass:
“Of all the data breaches in the headlines, it’s the public sector stories that are the most alarming. Whether it’s the NHS or the Hong Kong Registration and Electoral Office, these organisations need to remember their duty of care, not to mention legal obligations, to protect citizens’ and employees’ data. This means not only keeping sensitive data encrypted, but also controlling where it goes using tools like access control and data leakage prevention. Is it really a business necessity to store the information of millions of citizens on a laptop that’s being taken to a tradeshow?”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security.