The Faculty of Education at the University of Hong Kong (HKU) on Wednesday said the personal data of around 7,400 students, academic visitors and research programme applicants may have been leaked in a cyberattack on January 30.
In a statement, the faculty said the attack may have also exposed internal files dating back to 2012, such as meeting minutes, room booking records and system management files.
However, it said there is no evidence to suggest that salary information, bank account details, or HKID numbers were disclosed.
"Upon discovering the incident, the faculty took immediate actions to ensure the isolation of the servers. An external cybersecurity consultant and the Information Technology Services of HKU promptly commenced the conduct of a thorough investigation," it said in a statement.
In response, the office of the Privacy Commissioner for Personal Data said it launched a compliance check after the faculty notified it of the data breach. The watchdog said it has not received any complaints about the incident so far.
In August, a major ransomware attack targeting Cyberport exposed some 400 gigabytes of personal information on individuals on a dark web.