'More regular security audits should be conducted,' say IT experts over myTV Super's data breach

Local IT experts have stressed the importance of conducting regular security audits within a company, after a man was arrested for stealing the information of over 30,000 users from TVB's mobile app myTV Super. 

This comes as TVB detected abnormal and suspicious activities within its system on 18 May and identified them as targeted malicious system attacks. According to its official statement, TVB's investigation showed that personal information of approximately 35,000 users, equivalent to 0.3% of the total registered users at myTV Super was subject to unauthorised access. The information being accessed included the registered names, partial HKID numbers (first four digits), email addresses and/or phone numbers of our users, depending on the user categories.

The company said users’ credit card information was not involved in the crime and there is no evidence that users’ personal data has been misused. “We will continue to monitor the latest industry developments and continuously enhance our security measures to safeguard the privacy and safety of our users’ information,” the statement read. In response, TVB has already blocked the intrusion and reported the incident to the police and relevant regulatory authority.

Meanwhile, a 40-year-old man was arrested yesterday for the incident. TVB expressed gratitude to The Cyber Security and Technology Crime Bureau (CSTCB) of the Hong Kong Police Force for its professional law enforcement and swift apprehension of the suspect to mitigate the severity of this incident.

Don't miss: OT&P Healthcare apologises over data breach, 100k patients reportedly impacted

In a conversation with MARKETING-INTERACTIVE, Ho Wa Wong, conveyor of Open Data Working Group, Internet Society Hong Kong, said that victims of this data security incident should be aware of it as sensitive personal information such as partial HKID numbers and phone numbers were leaked.

“Since over 30,000 users’ personal information have been leaked already, they may be affected when they use services such as banking services and credit card services," he said. He added that TVB should also perform more regular penetration tests to ensure data security. 

Agreeing with his view was Francis Fong Po Kiu, honorary president of the Hong Kong Information Technology Federation, who said that hackers are able to hack the server if its first interactive interface is not complete.

“While many companies have already conducted security defense to deal with login security, apart from fire wall, it'd be even safer for them to have security team or IT department to further protect the system. Security audits should be conducted per three to six months to check whether hardware and software or cloud can prevent data breach too,” he added.

MARKETING-INTERACTIVE has reached out to TVB for a statement.

Related articles:

TVB's big big channel to cease operation in May
TVB denies allegations of unlawful business operation of Chinese OTT platform
TVB records loss of HK$807m due to weakened TV advertising market
TVB reportedly cuts 5% of its workforce for cost optimisation