The operator of Hong Kong’s Ngong Ping 360 cable car attraction has apologised after the personal data of visitors and employees was stolen in a ransomware attack.
The company on Thursday detected irregularities in its internal network system and alerted police and the Office of the Privacy Commissioner for Personal Data.
“Subsequent investigation confirmed that certain data had been stolen and the company was subjected to a ransom demand,” the operator said on Friday. “Ngong Ping 360 deeply apologises for any inconvenience caused to guests, employees and relevant stakeholders by this incident.”
A preliminary assessment found the breach compromised information about staff, annual pass holders, suppliers and tenants at Ngong Ping Village, as well as guests on promotional lists.
“It has been initially confirmed that the involved guest data consists of names and contact details (such as phone numbers or email addresses),” the company said.
The operator emphasised that the compromised internal network was separate from the cable car operation system, and safety and electronic payment data remained unaffected.
