Yau Yat Chuen Garden City Club’s management system rendered inoperable due to ransomware attack that encrypted information system files
2-MIN READ2-MIN ListenFiona SunPublished: 4:41pm, 23 Apr 2026A data breach at Yau Yat Chuen Garden City Club has compromised the personal information of more than 9,000 people, Hong Kong’s privacy watchdog has found, urging organisations to review security measures and update software to close loopholes.
The Office of the Privacy Commissioner for Personal Data on Thursday also released a guide for parents and teachers to safeguard children’s online privacy amid increasing risks facing youngsters online.
Revealing the data breach, Privacy Commissioner for Personal Data Ada Chung Lai-ling said the private recreational club notified the office on October 31 last year that its club management system was rendered inoperable due to a ransomware attack that encrypted information system’s files stored on a server.
The management system was provided and maintained by an external service provider, which was able to remotely access the server via dedicated software to offer technical support.
The office’s investigation revealed that the software was operating on an outdated version that contained a known security vulnerability at the time of the data breach, enabling the “threat actor” to compromise the account credentials used by the service provider and gain direct entry to the server where personal data was stored.
The server was also left in a logged-in state without the implementation of additional authentication controls, while the club’s antivirus software and firewall were outdated, making them unable to detect and prevent hacking activities.
