HKCert
Security Blog

Secure your website to prevent information leakage

Release Date: 08 / 06 / 2018
Last Update: 08 / 06 / 2018
HKCERT is aware that some sensitive information were public accessible from an elderly service website. Personal information including name, HKID, address, telephone number, social security allowance ID and financial status were leaked.
 
HKCERT urges company should secure their website and avoid posting sensitive information online to prevent information leakage. On the other hand, if you suspect there is any criminal offense due to the theft of personal information, report to the Police as soon as possible.
 
HKCERT advises all webmasters to conduct security assessment regularly, identify and rectify security vulnerabilities early and prevent hackers from attacking. To avoid data leakage, sensitive information should be encrypted and only be stored in the internal server. 
 
To learn more about how to secure your web servers, web applications and database servers, please refer to "Guideline of Web Security" Security Guideline provided by us.
 
Elderly should pay attention to possible scam. If you suspect there is any criminal offense due to the theft of personal information, report to the Police as soon as possible.