-
Our Services
- The Cradle – Go Global Service Centre
-
New Industrialisation
- New Industrialisation
- New Productive Forces Service Platform
- Smart Production Line
- Innovation Technology and R&D
- Transformation and Upgrading
- Nurture New Industrialisation Talent
- Rules and Regulations
-
HealthTech and Traditional Chinese Medicine
- HealthTech and Traditional Chinese Medicine
- R&D service and Functional Investigation on Chinese Medicine, Health Food & Wellness product
- Compliance Consultation Service for Chinese Medicine, Pharmaceutical, Health Food and Medical Device Industries
- Manufacturing Enhancement - Automatic Intelligent System for Production and Packaging in Chinese Medicine, Pharmaceutical and Health Food Industries
- Assisting funding application for local medicine and health industrial associations
- “The Cradle” Services for Health Tech and TCM Industry
-
Smart Manufacturing
- Smart Manufacturing
-
IIOT
- IIOT
- Industrie 4.0 - Smart Enterprise
- Product Lifecycle Management Consultancy
- Intelligent Automatic Warehousing and Logistics
- Real-Time Manufacturing Tracking System
- Knowledge Based Engineering & CAD Solution
- Location Based Services and Location Analytics
- The HATCH
- Hong Kong Industrial Drone Technology Centre
-
AI & Robotics
- AI & Robotics
- AI Sheet Metal Surface Defect Detection Technology
- Product Innovation and Design Management
- Robotics Application
- Automation Feasibility Study
- 3D Automatic Processing
- Application and Research on Vision and Ultrasonic Inspection Assisted by Artificial Intelligence and Robotics
- Customized Intelligent and Cognition Automation Machine & System Development
- Autonomous Air-ground Cooperative Tunnel Inspector
- AR-Empowered Robot Control System (ARERC System)
- IoT-enabled Smart Toilet Bowl Cleaning System
- Novel Materials
-
Advanced Manufacturing Technology
- Advanced Manufacturing Technology
- 3D Scanning and Reverse Engineering Service
- Flexible Metallic Fiber Physical Porous Part Fabrication Technology
- Advanced Mould Cooling Technology and CAE Conformal Cooling Analysis
- Gas Atomisation Technology
- Dual Laser Metal Polishing Technology
- Advanced Additive Manufacturing, 3D Printing Technology, and Direct Manufacturing
- Diffusion Bonding Technology
- Electrically-Assisted Free Forming (EAFF) Technology for Customisation of Sheet Metal Parts
- Plastic Process and Machinery Technology
- Fashion and Garment Technology
- Computer Aided Technology (CAx)
- Watch Assembly Automation Technology
-
Digital Transformation
- Digital Transformation
- HKPC Digital DIY Portal
- Digital Transformation Support
- 「FitEasy」Virtual Fitting Technology - For People with Disability
- Smart Solution
- Research and Analytics
- Strategic IT Management
- Embedded Software System
- New Media and Learning Technology Development
- IT Industry Support
- DevOps Maturity Assessment and Consultancy Service
- Software Testing Automation Consultancy Service
- Blockchain Consulting Service
- Extended Reality (XR) technology and consultancy service
-
Cyber Security
- Cyber Security
- Cyber Security
- Cybers Security-by-design, Privacy and Compliance-by-default
- Design & Architecture
- Train & Develop
- Offensive Security
- Intelligent Security
- Defensive Security
- Intelligent Hardening
- Internet of Things (IoT) & Operational Technology (OT) Cyber Security Testing
- Phishing Defence Services
- Cyber Security Assessment & Audit
- Cyber Security Consultancy for i4.0 & e4.0
-
Green & Smart Living
- Green & Smart Living
- Green Technology
- Food Technology
- Smart Living
-
Corporate Sustainability
- Corporate Sustainability
- ESG and Sustainability Services
- Manufacturing Technology (Tooling, Metals & Plastics) Recognition of Prior Learning (RPL) Mechanism
- Market Research and Analytics
- Business Innovation
- Sustainability-related standards and guidance
- Organisation Innovation Capability Development
- District Innovation
- Customer Service Assessment
- Intellectual Property (IP) Protection and Management
- Support to Creative Industries
- Manufacturing Standards Consultancy Service
- Production Capacity Optimisation
- Cost of Quality
- FutureSkills
- SME Support
- Funding
- Testing & Standards
- Venues & Facilities
-
Support & Resource
- Technology Transfer
-
Support Centres
- Support Centres
- Low-altitude Economy Tech Hall
- The Cradle – Go Global Service Centre
- HKPC-HP 3D Printing Technology Centre
- Future Manufacturing Hall
- Inno Space
- The HATCH
- Intellectual Property Services Centre
- Advanced Electronics Processing Technology Centre
- Green Living Laboratory
- Reliability Testing Centre
- Electromagnetic Compatibility Centre
- Plastics Technology Centre
- Smart Wearables, Watch & Clock Technology Centre
- Conformal Cooling Technology Centre
- Hong Kong Digital Testing Hub
- Hong Kong Industrial Drone Technology Centre
- Aqua Research Laboratory
- Advanced Materials and Intelligent Manufacturing Centre
- Hong Kong Joint Research Lab for Applications of Intelligent Automation Technology
- Future FoodTech Lab
- HKUST-HKPC Joint Research Lab for Industrial AI and Robotics
- Hong Kong Industrial Artificial Intelligence & Robotics Centre (FLAIR)
- Testing & Standards
- HKPC Spotlights
- About US
-
LANGUAGE
HKCERT Warns Public and SMEs of Rising Risks in Recent Data Breach Incidents
(Hong Kong, 17 October 2025) A recent social engineering attack on a Qantas Airways third-party service platform has compromised the personal data of 5.7 million customers, including approximately 20,000 in Hong Kong. The leaked information includes names, phone numbers, and addresses, exposing affected individuals to heightened risks of phishing and fraud. The incident has been reported to the Office of the Privacy Commissioner for Personal Data (PCPD), which has launched an investigation.
Hackers Leaked Personal Data of 5.7 million users onto the Dark Web
Hackers accessed Qantas' customer data through a customer service centre in the Philippines operated by a third-party service provider, using social engineering techniques such as vishing to deceive the provider's staff into granting access. The incident highlights the increasing risk of supply chain attacks, where hackers exploit vulnerabilities in third-party service providers to use them as a springboard to attack larger organisations. Even SMEs, if they neglect their own cybersecurity, could become critical vulnerabilities in cyberattack incidents.
In this context, recent events further highlight the critical need to enhance cybersecurity measures, both for SMEs and external service providers. The Vegetable Marketing Organization in Hong Kong had recently suffered a ransomware attack on some of its computer systems, and this incident has led to the risk of data leakage for users of its wholesale market. Meanwhile, cybersecurity vendor F5 recently announced that its internal systems were subjected to a long-term persistent cyberattack in August, during which hackers stole source code for its products and undisclosed system vulnerabilities. Using this leaked information, the hackers may plan attacks against users who are employing F5’s products.
These cases underscore the risks associated with third-party service providers and the importance of enhancing cybersecurity measures. Given the scale and potential threat of the incidents, the Hong Kong Computer Emergency Response Team Coordination Centre(HKCERT) advise users and SMEs to adopt the following measures to prevent third-party risks and enhance their cybersecurity:
- Beware of Phishing Attack
Always verify email senders and avoid clicking on any suspicious links. Be cautious of urgent or unusual requests, and if possible, to report suspicious messages to your IT or security team immediately. For more details, please visit https://www.hkcert.org/publications/all-out-anti-phishing
- Enable multi-factor authentication to enhance account security
Implement multi-factor authentication requiring users to enter verification codes or additional authorisation to log in and educate users not to share the verification code with others. This prevents account theft if the users accidentally disclose their password.
- Be cautious when using freeware and open-source projects
While freeware and open-source tools can be cost-effective, they may introduce vulnerabilities if not properly vetted. Only use trusted software from reputable sources and conduct security reviews before deployment.
- Regular security update
Keep all systems, applications, and devices updated with the latest security patches. Regular updates help close vulnerabilities before attackers can exploit them.
- Raise social engineering awareness
Social engineering remains a common attack vector. Provide frequent training to employees on recognising and resisting phishing attempts, suspicious phone calls, and other manipulation tactics. This can significantly reduce the likelihood of human error leading to a breach.
Four Key Measures to Secure Your Data
Qantas has confirmed that the incident did not involve customers’ financial data, passport information, or account passwords. However, the leakage of sensitive personal data onto the dark web may lead to risks such as identity theft, phishing attacks, and other fraudulent activities. HKCERT emphasises that proactive protection of personal data is essential and urges affected individuals to take the following steps:
- Regularly Monitor Accounts
Check your email, phone, and financial accounts regularly for suspicious activity. If you detect unauthorised transactions or unusual activity, report them immediately to the relevant organisation.
- Beware of Phishing Attacks
Be cautious of emails, phone calls, or messages claiming to be from Qantas or related organisations. Avoid clicking suspicious links and handle suspicious emails, messages, and calls carefully. Never provide personal or login information without verification.
- Enable Multi-Factor Authentication (MFA)
Add MFA to key accounts to increase security. Never share verification codes with others.
- Regularly Change Passwords
Change passwords for all important accounts regularly and avoid using the same password across multiple accounts.
For more information, please visit:
- https://www.hkcert.org/blog/the-hidden-dangers-of-third-party-risk-lessons-from-the-recent-data-breaches
- https://www.hkcert.org/blog/16-billion-account-passwords-leaked-worldwide-hkcert-urges-users-to-review-account-security-and-stay-vigilant
- https://www.hkcert.org/blog/beware-of-cyber-attack-protect-personal-information
Join Now! Cyber Security Summit Hong Kong 2025
Jointly organised by the Hong Kong Productivity Council, HKCERT and 10+ other leading information security organisations, the “Cyber Security Summit Hong Kong 2025” will be held from 6 to 7 November at HKCEC with the theme "Future-Proofing Digital Infrastructure: Harnessing AI for Enhanced Security and Resilience". Through an array of engaging speaking sessions, the Summit will delve into how the integration of AI and state-of-the-art cyber security technologies can bolster digital infrastructure against cyber threats.
The Summit will feature a distinguished lineup of speakers, including Ir. Tony Wong from Digital Policy Office, Ms. Ada Chung Lai-ling from Office of the Privacy Commissioner for Personal Data, Mr. Chan Wing On, Francis from the Security Bureau, and Ms. Rachel Hui from Cyber Security and Technology Crime Bureau at the Hong Kong Police (HKP). You will have the opportunity to network and exchange ideas with the expert speakers, and gain valuable insights. Register now for FREE: https://www.cssummit.hk/registration/
- Ends -
FOLLOW US
SUBSCRIBE TO OUR NEWSLETTERS
Share the latest information of HKPC to your inbox