The department said on Sunday that parts of its computer system were subjected to a malicious ransomware attack on Saturday, targeting areas including InvestHK’s internal Customer Relationship Management system, its intranet, and part of its website operations. InvestHK’s services by telephone and email, and its scheduled face-to-face meetings, remain as normal, the department said.
READ MORE: Cybersecurity deficiencies led to sports club data leak
A spokesperson for the department said that, following the attack, immediate action — such as updating relevant access rights, isolating affected systems and activating backup procedures — was taken to reinforce the system’s security protocols and prevent further incursions.
The department is still working with the police to investigate whether any data was leaked during the attack. A preliminary assessment has found that basic information about InvestHK’s clients — such as the companies' contact information — and records of InvestHK staff may potentially have been leaked.
InvestHK will notify relevant parties when further updates are available, the spokesperson said.
ALSO READ: HKSAR govt hosts first cybersecurity drill
The department is currently seeking advice from the government’s Digital Policy Office, and has appointed experts to assist with the investigation of and recovery from the attack.
The spokesman said that InvestHK never collects personal information or requests payment using embedded hyperlinks in emails, SMS messages or social media pages.
Francis Fong Po-kiu, honorary president of Hong Kong Information Technology Federation, said that the HKSAR government has already instructed its departments to store personal information and sensitive data on the government's cloud system, which reduces the likelihood of data leakages.
ALSO READ: HK urged to enhance cybersecurity through cross-boundary collaboration
Fong added that this case exposes the need for some departments to reassess any security vulnerabilities within their digital systems.
A series of data leakages have occurred in the SAR in recent years. Cyberport was comprised during a cyberattack in August 2023 when 400GB of data was stolen. In May 2024, the Fire Services Department discovered a potential data leakage incident involving personal information relating to about 5,000 staff members and 480 residents. Another incident happened within the Electrical and Mechanical Services Department in December last year, when personal data relating to over 17,000 people was leaked.
