Data Privacy & Cybersecurity

AI Security and Cybersecurity Summit for Enterprises Registration Open

The Office of the Privacy Commissioner for Personal Data (PCPD) and HKIRC are co-organising an AI Security and Cybersecurity Summit for Enterprises on March 31, 2026. Registration is now open for organizations to address AI security and cybersecurity risks. The event aims to raise awareness and readiness among businesses, including SMEs.

Hong Kong PCPD Arrests Two for Suspected Doxxing

The Hong Kong Office of the Privacy Commissioner for Personal Data (PCPD) arrested two men for suspected doxxing and disclosure of personal data without consent, in contravention of the Personal Data (Privacy) Ordinance. The arrests stem from a monetary dispute where personal data and family photos were posted online.

Privacy Commissioner Warns of Construction Worker Recruitment Fraud

The Hong Kong Privacy Commissioner's Office issued a warning regarding fraudulent recruitment advertisements targeting construction workers. The office received 42 complaints in two weeks involving scams that requested sensitive personal data, including construction site "Three Essentials." The PCPD urges vigilance and provides guidance on safeguarding personal data during job applications.

AI Chatbots Provide Biased Voting Advice, Ignoring Local Parties

The Dutch Data Protection Authority (AP) released a study showing AI chatbots rarely recommend local political parties when providing voting advice. The AP warns that this bias makes chatbots unreliable voting aids and calls on providers to implement measures to prevent their systems from being used for voting advice, especially in light of the EU AI Act.

Fortinet Vulnerabilities Require Immediate Updates

The Cyber Security Agency of Singapore (CSA) has issued an alert regarding high-severity vulnerabilities in multiple Fortinet enterprise products. Users are strongly advised to update affected systems immediately to mitigate risks of unauthorized code execution, authentication bypass, and privilege escalation.

HPE Patches Critical Aruba Networking AOS-CX Vulnerabilities

Hewlett Packard Enterprise (HPE) has released patches for critical vulnerabilities in its Aruba Networking AOS-CX operating system. The most severe flaw (CVE-2026-23813) allows unauthenticated remote attackers to reset administrator passwords. Users are urged to update immediately.

Critical Cisco Secure Firewall Management Center Vulnerabilities Addressed

Cisco has released security updates for critical vulnerabilities (CVSS 10.0) in its Secure Firewall Management Center software. Users of affected on-premises versions are advised to update immediately to prevent root access and arbitrary code execution.

Microsoft Security Patches for Critical Vulnerabilities

The Cyber Security Agency of Singapore (CSA) has issued an alert regarding Microsoft's release of security patches for critical vulnerabilities in its software. These patches address multiple security flaws, some with a base score of 9.8, requiring immediate attention from users and organizations.

Ransomware Incident Data Breach and Security Lapses

Singapore's Personal Data Protection Commission issued a decision regarding a ransomware incident affecting 39,000 individuals' data due to security lapses. Three separate undertakings were also accepted for similar incidents. The Commission directed the organization to strengthen its security posture and highlighted key takeaways for all organizations to prevent future breaches.

PDPC Publishes Four Undertakings on Ransomware and Unauthorized Access

Singapore's Personal Data Protection Commission (PDPC) has published four undertakings from organizations that experienced ransomware attacks and unauthorized access. These undertakings detail remediation measures to strengthen cybersecurity defenses and data protection practices.