HKICC Lee Shau Kee School of Creativity Vice Principal reveals server breach impacting potentially over 1,000 individuals

371
Insert picture: Vice Principal Choi Ts-kwan

19th May 2024 – (Hong Kong) HKICC Lee Shau Kee School of Creativity (HKSC), fell victim to a malicious cyber attack as its computer servers were compromised on 13th May, potentially affecting over a thousand individuals. Vice Principal Choi Tsz-kwan addressed the media today, disclosing that on the day of the incident, staff members encountered difficulties with the printer, prompting IT personnel to investigate. It was then discovered that the server had been encrypted and locked by hackers, although no ransom message was found. However, the hackers had left behind download links for certain applications. Initial estimates suggest that around 600 people may have been affected, but the actual number could surpass a thousand, primarily involving personal information such as students’ and parents’ contact details and addresses, as well as data pertaining to rental groups. The affected individuals have been advised to remain vigilant.

When questioned about the delay in publicising the breach, Choi explained that the school required time to assess the situation, retrieve backup data, and notify the individuals affected. Emphasising that the school promptly reported the incident and informed the relevant authorities, internal networks and wireless connections were immediately shut down. Teachers were instructed to use offline materials and resources stored in the cloud, while a temporary network with limited speed was established to facilitate wired internet access for students and faculty. As for the school’s information security system’s failure to intercept the intrusion, Choi stated that investigations are still underway, and the school has engaged a cybersecurity firm to gain further insights into the incident.

The school officially announced the breach on social media platforms yesterday, revealing that their IT personnel had discovered the server intrusion on 13th May, resulting in the encryption of approximately 8 terabytes of data accumulated over the past four years. The compromised data includes personal information of graduating students from 2021 onwards, current students, parents who registered with the school, and personal details of faculty members and tenants. Additionally, administrative and academic documents were also affected. The incident has been reported to the Education Bureau, law enforcement agencies, the Office of the Privacy Commissioner for Personal Data, and the Hong Kong Computer Emergency Response Team Coordination Centre. Parents and students have been duly informed of the situation.