A cyber attack on Hong Kong's Cyberport which was announced by the technology park on Wednesday actually happened at least a few weeks ago, the Office of the Privacy Commissioner has revealed.
Sources have told RTHK that Cyberport is being blackmailed to the tune of US$300,000 by a ransomware group that says it has got hold of 400GB of the park's data, including personal information on individuals.
The hackers are said to be threatening to publicly release the data if Cyberport doesn't pay up.
On Wednesday, Cyberport said it had reported a "cyber security incident" to the police, involving unauthorised access to its computer system.
It did not mention anything about being blackmailed or having lost access to its data, which the hackers are believed to have encrypted.
In response to media enquiries, the privacy commissioner's office said on Thursday that it was informed on August 18 about the data breach.
The office said it has launched a compliance review.
It added that it had suggested to Cyberport that it should inform people affected by the incident as soon as possible.
The park has said it will "provide all necessary assistance to those affected."