A cyber attack targeting Hongkong Post’s EC-Ship service may have exposed sensitive personal information, including names, addresses, phone numbers, fax numbers, and email addresses of senders and recipients, the postal service announced late Monday.
The breach involved “robotic access” to the address books of EC-Ship account holders, Hongkong Post said in a statement. The full scope of the incident, including the number of affected individuals, remains under investigation, and the agency has yet to confirm whether personal data was actually leaked.
Hongkong Post acted swiftly to block the unauthorized access and notified the Hong Kong Police, the Digital Policy Office, the Office of the Privacy Commissioner for Personal Data, and the Security Bureau on July 21. The EC-Ship service, which allows users to manage international shipments online, has since resumed normal operations, according to the statement.
Authorities are working to determine the extent of the breach and identify affected account holders. Hongkong Post pledged to notify those impacted as more details emerge.
The postal service also warned customers to remain vigilant, emphasizing that it does not send embedded hyperlinks via email, SMS, or social media to collect personal information or request payments. It urged users to avoid interacting with suspicious messages claiming to be from Hongkong Post.
The incident adds to growing concerns over cybersecurity in Hong Kong, where digital services are increasingly targeted by sophisticated attacks. The ongoing investigation will likely face scrutiny as regulators and customers demand clarity on the breach’s impact and the measures in place to prevent future incidents.
