2025-01-23
[Announcement] Hong Kong Green Building Council Data Breach Notification
On 21 January 2025, the Hong Kong Green Building Council (the Council) was notified of an attempt by an unauthorised party to sell the personal data of BEAM Practitioners on the dark web. After an initial investigation, it is suspected that the IT system of the Council’s external service provider has been hacked. The Council has dealt with the incident seriously, promptly deactivated the concerned platforms and informed affected practitioners. The incident has been reported to the Police and the Office of the Privacy Commissioner for Personal Data.
The data involves the names, company telephone numbers, mobile phone numbers and membership numbers of professional qualifications held by 6,666 BEAM Practitioners, encompassing BEAM Professionals, BEAM Affiliates and Green Building Faculty Members.
The Council places utmost priority on data security and treats this matter with the highest level of seriousness. Actions have been taken to contain the breach. A series of enhanced data protection measures have been and will continue to be implemented, including a comprehensive review and upgrade of network security facilities to minimise the risk of similar incidents in the future. The Council will cooperate fully with the Office of the Privacy Commissioner for Personal Data on follow-up actions.
The Council has established a dedicated email account [email protected] to handle enquiries from affected parties.
The data involves the names, company telephone numbers, mobile phone numbers and membership numbers of professional qualifications held by 6,666 BEAM Practitioners, encompassing BEAM Professionals, BEAM Affiliates and Green Building Faculty Members.
The Council places utmost priority on data security and treats this matter with the highest level of seriousness. Actions have been taken to contain the breach. A series of enhanced data protection measures have been and will continue to be implemented, including a comprehensive review and upgrade of network security facilities to minimise the risk of similar incidents in the future. The Council will cooperate fully with the Office of the Privacy Commissioner for Personal Data on follow-up actions.
The Council has established a dedicated email account [email protected] to handle enquiries from affected parties.