InvestHK Recovers from Ransomware Attack, Confirms No Personal Data Leakage

Invest Hong Kong provides updates on information security incident

​Invest Hong Kong (InvestHK) provided an update today (March 3) on the information security incident identified on February 22 which involved a malicious ransomware attack to part of InvestHK's computer systems. According to InvestHK's investigation findings, there was no evidence indicating leakage of personal information. No further suspicious activities have been identified. InvestHK is very grateful for the support and assistance rendered by the Police and the Digital Policy Office (DPO) during the incident. The department's computer systems have largely resumed normal operations today.

The spokesman for InvestHK said that as the global cybersecurity landscape was evolving, the department would continue to enhance its cyber resilience level and cybersecurity risk management. It will also follow the suggestions from the DPO and experts in tightening its IT security systems to prevent similar incidents from happening again .

The spokesman reminded members of the public to stay alert and to refrain from clicking on any embedded links or providing any personal or financial information such as credit card information, or making any payment to suspicious emails or SMS messages.

The department condemns such malicious attacks again and hopes that the culprits can be brought to justice as soon as possible so as to safeguard information and cybersecurity.

Fraudulent websites and internet banking login screens related to The Bank of East Asia, Limited

The following is issued on behalf of the Hong Kong Monetary Authority:

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public to a press release issued by The Bank of East Asia, Limited relating to fraudulent websites and internet banking login screens, which have been reported to the HKMA. A hyperlink to the press release is available on theHKMA website.

The HKMA wishes to remind the public that banks will not send SMS or emails with embedded hyperlinks which direct them to the banks' websites to carry out transactions. They will not ask customers for sensitive personal information, such as login passwords or one-time password, by phone, email or SMS (including via embedded hyperlinks).

Anyone who has provided his or her personal information, or who has conducted any financial transactions, through or in response to the websites or login screens concerned, should contact the bank using the contact information provided in the press release, and report the matter to the Police by contacting the Crime Wing Information Centre of the Hong Kong Police Force at 2860 5012.