Shockwaves are still reverberating across the Hong Kong travel industry over the hacking of WWPKG’s (Package Tours Hong Kong) customer database on November 6, with the cybercriminals brazenly demanding a seven-digit ransom to unlock the group’s system.
This is the first known case of its kind to smite the local travel industry, with the company estimating that personal information regarding about 200,000 clients was stolen, 10 per cent involving credit card information. The case was reported to the police and is being handled by the Cyber Security and Technology Crime Bureau. WWPKG also shut down all four of its branches for an urgent security upgrade that was expected to be completed by noon on November 8.
Its parent company WWPKG Holdings held a press conference on Wednesday. According to local newspaper reports, CEO Yuen Chun-ning shared that information exposed included name, identity card and passport number, telephone number, email address, postal addresses, credit card and purchasing record.
The group was locked out of company system on Monday morning (November 6) and then received a ransom email demanding money. The management decided to report the case to the police and later to the Travel Industry Council. On the same night they appointed two information technology security companies to assess and enhance security.
Founded in June 1979, the group offers outbound package tours with particular focus on Japan-bound tours. It went public in January.
In response to the hacking incident, local travel industry players reiterated the importance of securing client databases.
Miramar Travel general manager Alex Lee said: “We agents must always be on the alert at all times because these email viruses evolve (over time). That is why we have appointed a professional company to monitor our online system and give advice from time to time. Apart from backing up data daily, passwords and systems are changed and upgraded on a regular basis.”
Morning Star Travel Service general manager Dannia Cheung added: “This was a rare attack that had never happened before in our industry. In response we had our in-house information technology team check our system carefully to ensure it remains under tight security and gets a daily backup.”
Travel Industry Council chairman Jason Wong believed that this was an isolated case, adding: “We don’t see any developing trend of travel agencies being a target of hacking.
“However, the Council is always reminding agents about the importance of protecting consumers’ (information). In fact, experts were invited to our seminars in recent months to promote online security and if necessary, members may approach us for contact details of these experts.”