Twenty-one percent more data breaches were recorded last year compared to 2024 while doxxing cases dropped overall, the city’s privacy watchdog said on Tuesday.

The Office of the Privacy Commissioner for Personal Data said it was notified of 246 data breach incidents in 2025, with 92 of them involving schools and non-profit organisations.

Around a third of the total cases involved hacking, and Privacy Commissioner Ada Chung said the situation was “not unique” to Hong Kong.

“Hacking activities happened elsewhere in other jurisdictions,” Chung said.

“In the digital age, instead of storing the data in a physical form, virtually all companies would store them in a digital information system. That’s why hackers would target all these systems to obtain the personal data stored.”

On doxxing, the office handled 308 such cases last year, down 30 percent from the 2024 figure.

It initiated 147 criminal investigations, and referred 47 cases to police. Eighteen suspects were arrested.

The doxxing acts mainly involved monetary disputes, followed by family and relationship conflicts.

Doxxing complaints arising from political disputes only accounted for 1.3 percent of last year’s cases, according to the office.

“We have a consistent drop of doxxing cases which stemmed from political disputes over the years,” Chung said.

“This is a very positive sign that our enforcement work is effective. It is also because of our enhanced publicity and educational efforts, as well as a change in the society’s atmosphere. Nowadays, the atmosphere is more congenial.”

The office also reported three recent data breaches, including one where a hotel’s security department head failed to lock a desk drawer storing staff appraisal forms that were seen by others.

The other two incidents involved organisations sharing documents relating to employment termination that contained the complainants' personal information.