Press Release: Cyberattack on the Servers of the Faculty of Education, HKU
新聞稿：港大教育學院伺服器遭入侵

Cyberattack on the Servers of the Faculty of Education, HKU

The computer servers of the Faculty of Education (“Faculty”), HKU were under cyberattack on January 30. Upon discovering the incident, the Faculty took immediate actions to ensure the isolation of the servers. An external cybersecurity consultant and the Information Technology Services (ITS) of HKU promptly commenced the conduct of a thorough investigation.

The Faculty was able to inspect a log file on February 2 and subsequently identified that internal files might have been exfiltrated, including the Faculty’s room booking records; internal guidelines; system management files; as well as meeting agenda papers and minutes dating back to 2012.

Upon the Faculty’s preliminary evaluation, the personal data in the files might include information on around 400 academic visitors, around 3,000 students’ study status, and around 4,000 applicants of research degree programmes.

At the moment, there is no evidence suggesting that salary information, bank account details, or HKID numbers of any individuals have been exfiltrated.

The Faculty condemns all forms of unlawful cyber activities. The incident has been reported to the Hong Kong Police Force and the Office of the Privacy Commissioner for Personal Data. The Faculty is also working actively to review and mitigate the impact of the incident and strengthen its overall cybersecurity measures with advice from ITS. The Faculty is notifying students and alumni about the incident, and may issue further notifications upon continuous review of the situation.

The Faculty expresses its sincere apologies for any inconvenience caused to those potentially affected. They should remain vigilant against any abuse, misuse, or malicious/unlawful use of personal data and may contact the Faculty at the designated email address ([javascript protected email address]) for enquiries.

For media enquiries, please send them to the Faculty of Education at [javascript protected email address].

February 7, 2024

港大教育學院伺服器遭入侵

香港大學教育學院的電腦伺服器於1月30日遭受網絡攻擊。教育學院發現事件後即時確保伺服器連結已中斷，而外聘的網絡安全顧問及港大資訊科技服務（Information Technology Services）亦立即就事件展開徹底調查。

教育學院於2月2日起得以檢視相關的日誌檔案，隨後發現學院的一些內部文件，包括課室預約記錄、內部指引、系統管理文件，及自2012年起的會議議程文件和會議記錄，有機會已被外洩。

經初步評估，檔案可能涉及的個人資料包括約400 名訪問學者的資料、約3,000名學生的學習進度和約4,000名研究式研究生課程申請人的摘要。

目前無證據顯示外洩的資料涉及任何人士的薪金、銀行戶口資料或香港身份證號碼。

教育學院譴責一切形式的非法網絡活動，並已就事件向香港警務處報案及向個人資料私隱專員公署報告。與此同時，學院正積極檢視事件及採取可行的措施以減低事件帶來的影響，並按港大資訊科技服務的意見加強整體網絡保安措施。學院正就此事件通知學生和校友，並將持續檢視情況，適時再作進一步通知。

教育學院對今次事件深表遺憾，並向可能受影響的人士致以衷心歉意，促請他們提高警覺，以防範可能外洩的資料被濫用、誤用、惡意或非法使用，如有疑問可通過特設的電郵地址 （[javascript protected email address]）與學院聯繫。

傳媒如有查詢，請聯絡港大教育學院（電郵: [javascript protected email address]）。

2024年2月7日