University of Hong Kong data breach, exposing 7,400 students and staff

published: Feb. 8, 2024

Learn More

The University of Hong Kong's (HKU) Faculty of Education reported a cyberattack that occurred on January 30, potentially compromising the personal data of approximately 7,400 individuals.

The exposed individuals include:

  • students,
  • academic visitors,
  • applicants to research programs.

The attack is also believed to have exposed a range of internal files that have been maintained since 2012. These files include meeting minutes, room booking records, and system management files, indicating a significant breach of the faculty's digital records.

Despite the severity of the breach, the faculty has provided reassurance by stating that there is no evidence to suggest that highly sensitive data such as salary details, bank account numbers, or Hong Kong Identity Card (HKID) numbers were disclosed in the attack.

No details are disclosed about the nature of the attack or specifics about the breached personal data.

Following the discovery of the incident, the faculty isolated the affected servers to prevent further unauthorized access. An external cybersecurity consultancy, along with the Information Technology Services of HKU, was engaged to carry out a comprehensive investigation into the breach.

University of Hong Kong data breach, exposing 7,400 students and staff