A Growing Trend and a Call to Action JENNIFER WU Hong Kong has witnessed a recent surge in cyber security breaches, with both private and public sectors falling prey to cyberattacks. According to the Office of the Privacy Commissioner for Personal Data (“PCPD”) in Hong Kong, there was a more than 20% increase in reported data breaches in the first half of 2023 compared to the second half of 2022. These breaches have had a profound impact on businesses and individuals, from disrupting business operations to compromising sensitive personal data including credit card details, login credentials and, more severely, medical records. The consequences of these breaches extend beyond financial losses, affecting trust and reputation in the long run. Acknowledging the magnitude and impact of these breaches, the PCPD has taken a more proactive approach to combat the issue. The PCPD is actively investigating and reporting breaches of data privacy and issuing comprehensive guidelines to help organisations improve their data management and security practices. This article aims to shed light on the cyber security risks, recent enforcement actions taken by the PCPD, and the recommended measures to prevent data breaches. An Insight Into A Recent Investigation The PCPD’s investigation into the unauthorised access to credit data in the TE Credit Reference System (“System”) is one example of the impact of data breaches and the remedial measures that could have helped prevent the incident. The complainant discovered that their credit records in the System had been accessed without their knowledge and consent by several other money lending companies. The System was developed and operated by Softmedia Technology Company Limited (“Softmedia”). Around...