The Office of the Privacy Commissioner for Personal Data announced that the computer system of Fimmick, a digital marketing company, was attacked by ransomware last month. Since October 4, it has been notified of data breaches by Fimmick and its corporate clients.
Fimmick has a number of major customers, including Coca-Cola, Mead Johnson, Mentholatum, McDonald’s, Nestlé, etc., and L'Oreal has confirmed that there have been leaks of customer personal data, including customers confirmed to be affected by the incident, and the leaked personal information includes names , Phone number, email address, residential address, month of birth, Facebook account name and Facebook email address and other personal information.
The Commissioner’s Office pointed out that the number of people affected was huge, possibly more than 35,000. Fimmick was contacted on October 6 and an investigation was launched on October 12.
The Privacy Commissioner Zhong Liling urged that members of relevant companies or customers who order products online should change their registered account passwords and pay attention to whether there are unusual login records in personal emails.
Fimmick is headquartered in Hong Kong and mainly provides digital marketing and customer relationship management services to corporate clients.
The Privacy Office stated that it has successively received notifications of data breaches from Fimmick CRM Limited and its corporate customers on October 4, stating that Fimmick’s computer system was attacked by ransomware in September 2021, resulting in a department handled by Fimmick. Personal data leaked.
The Commissioner’s Office pointed out that considering that Fimmick holds and processes customer personal data of multiple Hong Kong companies, including name, date of birth, phone number, email address, and address information, the number of people affected may be as large as more than 35,000, but the actual number Still to be verified by Fimmick.
The Privacy Office has contacted Fimmick on October 6 to follow up the incident, and launched an investigation into the incident on October 12.
The Privacy Office received further information from Fimmick on October 20.
Privacy Commissioner Chung Liling.
(Provided by the Privacy Office)
L'Oreal leaked customer data and 9 other companies notified the Office of the incident
The Commissioner’s Office stated that it has been informed that L’Oreal’s customers have leaked information. In addition to the personal information mentioned above, Facebook account names and Facebook email addresses are all affected.
In addition, the Office also received 9 Fimmick corporate customers, including the
insurance company Bupa, Coca-Cola, watch retailer Europe Square, Green Square Market Development Co., Ltd., Mead Johnson, Mentholatum, Hong Kong McDonald’s, Nestlé Hong Kong, and the parent company of Durex and Dettol, etc., Reckittsburgh.
Zhong Liling urged citizens who have provided personal information to the above-mentioned companies, including those who have become members of relevant products or customers who order products online, to be vigilant and guard against the theft of personal information.
She continued that affected citizens should change the passwords of registered accounts and other platform accounts, and pay attention to unusual login records of accounts or emails.
Be alert if you receive unknown or suspicious calls, text messages or emails.
She also suggested that affected organizations should report to the Privacy Office as soon as possible if they believe that the incident involves the leakage of customer personal data, and notify the affected customers.
Association of Records: 150 members who destroyed the information of the members were stolen and apologized for the incident and reported to the Privacy Department. The amendment was gazetted to the wedding banquet. "Congratulations" also broke the law and empowered the Privacy Commissioner to accept mobile phones and computers. Officially gazetted, the Privacy Office and the police will strengthen law enforcement. The Legislative Council passed the Third Reading to prevent privacy regulations. Members claiming to be victims have to move their houses. : Contempt for the media