Data of 14,000 HK customers leaked in BMW breach
Top News | 26 Jul 2024
Yu Wing Chan
Personal data of some 14,000 Hong Kong customers of car manufacturer BMW have been leaked. The breach included their names, phone numbers and SMS opt-out preferences.
The German company said it has called Hong Kong police and notified the Office of the Privacy Commissioner for Personal Data. It has also hired a third-party network security specialist to launch a full-scale investigation into the incident.
"We take the privacy of our customers very seriously and have intensified our security measures to further safeguard our system," BMW Concessionaires HK Ltd told customers.
The incident involved information handled by a third-party agency containing customer data, it said.
"We urge our customers to remain vigilant with their personal data," BMW said, adding customers can e-mail the firm for any queries.
The PCPD said it received the data breach notification from BMW on July 18 and advised the company to notify affected customers as soon as possible.
On July 24, Sanuker Inc, the contractor of BMW HK, also notified the privacy watchdog.
There have been no inquiries or complaints made to the watchdog yet regarding the incident.
"The PCPD has commenced an investigation into the incident in accordance with established procedures," the watchdog said.
There have been a total of 97 data leak incidents in the first six months.
These figures were mentioned by Privacy Commissioner Ada Chung Lai-ling on a radio program earlier this month, in which she discussed the possible introduction of a penalty system to punish organizations that have breached privacy regulations.
Chung said data breach incidents have been happening globally and more stringent efforts should be put forward to safeguard data security alongside enhancing staff awareness of cybersecurity.
The watchdog received around 600 inquiries in the past six months, she said, adding those involved concerns over the use of personal data in scams.
Scammers typically contact people through text messages, e-mails or cold calls.
And to limit instances of deepfake crimes, Chung reminded the public to protect their biometric features.
