Hong Kong privacy watchdog records 20% increase in data breaches – a third involves hacking

2026-02-03 - 23:37

Hong Kong’s privacy watchdog recorded nearly 250 data breaches last year – more than a 20 per cent increase from the previous year, with a third of the incidents involving hacking. Privacy commissioner Ada Chung on February 3, 2025. Photo: PCPD. The Office of the Privacy Commissioner for Personal Data (PCPD) said on Tuesday that it received 246 data breach notifications in 2025, representing a 21 per cent increase from the previous year. A total of 92 reports were submitted by schools and NGOs, accounting for 37 per cent of all breaches last year. One-third of data breaches – totalling 81 – involved hacking. In comparison, there were 61 hacking cases in 2024, accounting for 30 per cent of data breaches. Last year, the PCPD also handled 308 doxxing cases – which included doxxing-related complaints received and cases uncovered by the watchdog, with the figure dropping by just under a third from the previous year. It also initiated 147 criminal investigations and referred 47 cases to the police, with 18 suspects arrested last year. Meanwhile, doxxing-related complaints to the PCPD fell by more than half over three years: from 630 in 2022, the year after anti-doxxing provisions took effect, to 299 in 2025. A laptop. Photo: Rachel Johnson, via Flickr. Privacy commissioner Ada Chung urged employers to formulate clear privacy policies to protect employees’ personal data from being leaked, as she gave examples of privacy incidents at a press conference on Tuesday. In one incident, a supervisor sent an employee’s termination notice to a work-related chat group, disclosing the employee’s personal information. In another case, a hotel security staff member inadvertently read appraisal forms containing personal data in an unlocked desk drawer. In a separate incident, a dismissal document containing an employee’s personal information was placed into a shared folder, making the information accessible to other staff members. “Employers should regard the protection of employees’ personal data privacy as an integral part of the organisation’s data governance,” Chung said on Tuesday. “This demonstrates the organisation’s commitment to safeguarding employees’ personal data and ensures compliance with the requirements of the [The Personal Data (Privacy) Ordinance], thereby creating a win-win situation for both employers and employees.”