Two mid-scale travel agencies in Hong Kong, Big Line Holiday and Goldjoy Holidays, had their customer database hacked last week, resulting in customer information such as identity card, passport and telephone numbers being leaked.
This makes cyber security breaches a recurring problem in Hong Kong’s travel industry, after the first known case surfaced last November at Worldwide Package Travel Services.
Local police have classified the hacking as cases of blackmail, and the Cyber Security and Technology Crime Bureau is currently investigating the incidents.
Big Line Holiday temporarily suspended its operating system, website and mobile application for 14 hours from 22.00 on January 4. According to a statement from the agency, a hacker had sent a blackmail message on January 2 and the company immediately informed the police and the Office of the Privacy Commissioner for Personal Data.
The company further apologised for leaking clients’ information and resolved to strengthen cyber security and plug all holes by recruiting external technical specialists and assistance. Specialising in shorthaul tours to China, its 13 small branches target the mass market with affordable prices.
Meanwhile at Goldjoy Holidays, which is known for longhaul and upmarket itineraries, executive assistant Agnes Lee told TTG Asia that no sensitive information such as credit card or banking data were involved.
She said: “None of our operations were disrupted and we suspended only the instant online tour booking function for police investigations. Our inhouse IT team, which monitors and updates our system regularly, and outside consultant, which handles upgrades, may explain why no serious damage resulted from the cyber security (breach). In future, (we will deploy) more resources (to guard consumer data) as technology evolves every day and we rely on it to promote our products.”
Meanwhile, other travel agencies in Hong Kong are stepping up their efforts to protect consumer data from similar hacking incidents. Premium Holidays general manager, Simon Wo, said: “Since the first blackmail case was reported, our IT team started checking the strength of the firewall and assigned an outside expert to assess the levels of protection on our system.”
However, he reckoned that “only agents in mid-scale or above can afford to invest more on cyber security”, while this might be costlier for smaller-scale players.
Last year, the Travel Industry Council organised two events about cyber security and there are plans for education on the topic to continue this year.
