[ISN] Classified Hong Kong "watch-list" leaked on internet

From: InfoSec News (alerts@private)
Date: Mon May 12 2008 - 01:24:44 PDT


By Sahil Nagpal
May 9th, 2008

Hong Kong - A government investigation was underway Friday after it was 
revealed that confidential files from the Immigration Department had 
been mistakenly leaked on to the internet.

The list, which contained a list of the names of people for officers to 
watch, plus travel document information and travel records, has been 
available on the internet since Monday through a file-sharing programme 
called "Foxy."

The blunder occurred after a newly-recruited immigration officer working 
at the Lok Ma Chau border point took home some old classified files to 
study without authorisation.

His computer contained the "Foxy" programme and when he connected to the 
internet, the files were distributed without his knowledge.

The security blunder is the latest in a series in Hong Kong in the last 

Earlier this week, banking giant HSBC was forced to apologise to 
customers after it admitted it had lost the data of 159,000 accounts 
from a Hong Kong branch.

The data was held on a internet server which is understood to have gong 
missing in April from the Kwun Tong branch of the bank while it was 
undergoing renovation last month.

The Hospital Authority also admitted this week to the loss of data of 
thousands of patients in several incidents.

In one case, a USB flashdrive containing the files of 10,000 patients 
from the Prince of Wales Hospital was lost after a hospital worker who 
was transferring the data left it in a taxi.

Lawmaker James To, the vice-chairman of the Legislative Council security 
panel said the immigration department security breach was by far the 
most serious of all three.

"This data is more private, it gives the detailed record of people's 
travelling history," he said.

Chairman of the security panel Lau Kong-wah said the leak was 

"The data is sensitive information. Not only the Immigration Department, 
but all government organisations should review their data-privacy 
systems to prevent similar cases," he said.

Security Secretary Abromse Lee has said the officer concerned would face 
disciplinary action after an investigation. (dpa)

Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Mon May 12 2008 - 01:43:35 PDT