The Consumer Council on Friday confirmed it has been the victim of a hacking attack, saying it won't pay a blackmail demand and will only find out exactly what data has been stolen when it gets leaked on the internet.
The watchdog said its computer system was hacked on Wednesday and was told to pay a ransom of US$700,000 to prevent the stolen data from being made public.
The hackers are offering a US$200,000 discount if the ransom is paid by 11.20pm on Saturday.
The attack comes just weeks after government-owned Cyberport also fell prey to hackers who stole personal information on various individuals linked to the technology park.
The Consumer Council said it wasn't sure what data has been stolen from its system, but it could include ID and phone numbers of current and former staff, their relatives, as well as job applicants.
The watchdog said the breach might also affect some 8,000 subscribers to its CHOICE magazine.
"Because we will definitely not pay the ransom, we will probably need to wait until after the ransom deadline and the attackers leak the stolen data to determine what data has exactly been stolen," said Gilly Wong, the council's chief executive.
At a press briefing, chairman Clement Chan said the hacking incident has caused disruption to the council's services.
"The attack has resulted in almost 80 percent damage of the computer system, causing disruption to its hotline services and update of price comparison tools," said Chan.
"The council has taken immediate action to strengthen the security measures of the system to prevent further attacks by the hacker, whilst appointing a forensic expert immediately to conduct investigations. Hotline services have currently resumed after emergency repairs."
The council said it would reach out to potential victims of the breach in the next few days, adding that it has also reported the incident to the police and the privacy watchdog.