Hong Kong Immigration out foxed by Foxy
May 12th, 2008By Sahil Nagpal
TopNews.in
May 9th, 2008Hong Kong – A government investigation was underway Friday after it was revealed that confidential files from the Immigration Department had been mistakenly leaked on to the internet.
The list, which contained a list of the names of people for officers to watch, plus travel document information and travel records, has been available on the internet since Monday through a file-sharing programme called “Foxy.”
The blunder occurred after a newly-recruited immigration officer working at the Lok Ma Chau border point took home some old classified files to study without authorisation.
His computer contained the “Foxy” programme and when he connected to the internet, the files were distributed without his knowledge.
The security blunder is the latest in a series in Hong Kong in the last week.
Earlier this week, banking giant HSBC was forced to apologise to customers after it admitted it had lost the data of 159,000 accounts from a Hong Kong branch.
The data was held on a internet server which is understood to have gong missing in April from the Kwun Tong branch of the bank while it was undergoing renovation last month.
The Hospital Authority also admitted this week to the loss of data of thousands of patients in several incidents.
In one case, a USB flashdrive containing the files of 10,000 patients from the Prince of Wales Hospital was lost after a hospital worker who was transferring the data left it in a taxi.
Lawmaker James To, the vice-chairman of the Legislative Council security panel said the immigration department security breach was by far the most serious of all three.
“This data is more private, it gives the detailed record of people’s travelling history,” he said.
Chairman of the security panel Lau Kong-wah said the leak was unforgivable.
“The data is sensitive information. Not only the Immigration Department, but all government organisations should review their data-privacy systems to prevent similar cases,” he said.
Security Secretary Abromse Lee has said the officer concerned would face disciplinary action after an investigation. (dpa)
[…]
My emphasis.
It is not only unforgivable, but it is also undoable, and the latter is more important.
If you read BLOGDIAL, you can relate this story in ‘the Google between your ears™’ to all the other BLOGDIAL posts on this subject.
May 12th, 2008 at 10:39 am
Meanwhile, in other news….
[quote]A computer hacker in Chile has published confidential records belonging to six million people on the internet, officials say.
The information was obtained by hacking into government and military servers, and was posted on a technology blog.
It included ID card numbers, addresses, telephone numbers and academic records.
The hacker left a message saying the aim was to demonstrate the poor level of data protection in Chile, says the newspaper which uncovered the story.
El Mercurio newspaper reports that the data came from computer servers at the education ministry, the military and the electoral service.
It was posted on the forum of a Chilean blog dedicated to technology issues, but was quickly removed by site’s administrators, who contacted the police.
Links to files containing the information were also posted on another Chilean website, and again promptly removed, El Mercurio reports.
Police commissioner Jaime Jara told the newspaper that an investigation into the incident was under way.
http://news.bbc.co.uk/2/hi/americas/7395295.stm%5B/quote%5D
More stable doors. More bolted horses. More investigations into how to improve data protection without willing to look at the perfect solution: don’t collect it in the first place.