BMW Concessionaires Hong Kong has disclosed that a recent cybersecurity breach has compromised the personal data of approximately 14,000 customers.
The company revealed in a statement that the breach involved information managed by a third-party agency. The leaked data includes customer salutations, names, mobile numbers, and SMS opt-out preferences.
BMW has promptly reported the incident to the Hong Kong Police Force and the Office of the Privacy Commissioner for Personal Data (PCPD). To address the situation, an external cybersecurity firm has been hired to conduct a thorough investigation.
“We take the privacy of our customers very seriously and have enhanced our security measures to better protect our systems,” the company stated. “We advise our customers to stay alert regarding their personal data.”
The PCPD was first notified of the breach by BMW on July 18, followed by a notification from Sanuker, BMW’s contractor, on July 24. The PCPD has initiated an investigation into the breach.
To date, the PCPD has not received any inquiries or complaints related to the incident. However, the watchdog has reported a significant rise in data breaches, with 97 incidents recorded in the first half of the year—a 70% increase in the second quarter. The majority of these breaches involved the private sector.
Ada Chung, Hong Kong’s Privacy Commissioner for Personal Data, highlighted a concerning lack of security awareness among institutions. The PCPD is exploring legislative amendments to empower it to impose penalties directly on non-compliant organizations, aiming to enhance deterrence.
For further updates, the PCPD is considering new mechanisms for penalizing institutions that fail to protect personal data effectively.
You Might Be Interested In