In an email sent to its subscribers, the Hong Kong TV Shopping Network Company Limited, an e-commerce business, states that "a small portion" of its 4.38 million registered users' data was accessed by an alleged third party.
The company claims it appears the customer data was not misused, but part of the email message is as follows:
On 26 January 2022, we discovered abnormal and suspicious activities in our computer system from computer servers located in other Asian areas which had made unauthorized access to customer information of HKTVmall. Upon identifying the unauthorized access, we have immediately contained the event and conducted thorough investigation and since engaged one international and one local leading cybersecurity firms on 27 January 2022 to conduct investigation, and to further enhance HKTVmall's robust network and system security measures in addition to the current 24-hour network security monitoring.
According to current investigation, a small portion of the 4.38 million registered customer information at HKTVmall were accessed. Despite this, while we are unable to confirm the list of affected customers, we hereby notify all customers on this incident through email or HKTVmall message centre.
The company states the accessed data includes "encrypted and masked login passwords", though it did not state what "masked" means and whether their masking regime is enough to thwart bad actors from correctly identifying passwords.
The states they have reported the incident both to the police and the Office of the Privacy Commissioner for Personal Data, Hong Kong. The company has also commenced certain actions to help protect and safeguard its data going into the future.