The Correctional Services Department's personnel data computer system was hacked, but no data was leaked.

The Correctional Services Department announced that on the 24th of this month, it discovered that one of its computer systems containing personal data of Correctional Services staff had been illegally accessed by hackers, but there is no evidence to suggest that the relevant data has been leaked or made public.

After a preliminary investigation, the Correctional Services Department believes the incident involves hackers illegally accessing the internal knowledge management system, which then allowed them to illegally access another computer system that stores personal data of Correctional Services staff. The relevant data includes names, gender, date of birth, educational background, as well as employment history and email addresses within the Correctional Services Department. The incident involves approximately 6,800 current and former staff of the Correctional Services Department.

Following the incident, the Correctional Services Department took immediate action, including blocking the internal knowledge management system, notifying users to change their passwords, conducting a comprehensive review of all systems under its jurisdiction, activating backup procedures, and requesting external service providers to investigate the incident. The department has promptly reported the incident to the police and has also informed the Security Bureau, the Privacy Commissioner for Personal Data, and the Office of Digital Policies.