top of page

24 January 2025

PCPD Investigation Findings on the Data Breach Incident of Oxfam (refer to news posted dated July 29 2024)

PCPD Investigation Findings on the Data Breach Incident of Oxfam (refer to news posted dated July 29 2024)

Last news posted on July 29 2024-Oxfam HK revealing it suffered cyberattack


PCPD report - The investigation revealed that over 330 GB of data was exfiltrated potentially affected around 550,000 data subjects. Below deficiencies of Oxfam contributed to the occurrence of the Incident:

  1. Outdated Firewalls which contained critical vulnerabilities;

  2. Failure to enable multi-factor authentication;

  3. Lack of critical security patches of servers;

  4. Ineffective detection measures in the information systems;

  5. Inadequacies of the security assessments of information systems;

  6. Lack of specificity of its information security policy; and

  7. Prolonged retention of personal data.

Copyright @2024 The University of Hong Kong. All Rights Reserved.
bottom of page