WWPKG Holdings, one of Hong Kong’s major travel agencies, has warned it was hacked this week, putting at risk the personal information of its customers, thought to number as many as 200,000.
The company believes it is a distributed denial-of-service (DDoS) attack, which takes down web servers and will only reinstate it after demanding payment.
The company, which does business as Package Tours (Hong Kong), specialises in trips to Japan.
It reported the matter to police after temporarily shutting down its website and offices earlier this week.
Company CEO Yuen Chun-ning said a seven-figure ransom demand was received to be paid in bitcoin but said the company refused to pay, the Standard newspaper reported.
Data accessed by hackers ‘may contain information such as clients’ names, passport numbers, credit card information, and purchase history,’ the company earlier said in a statement to the stock exchange.
"We are reaching out to every possibly affected customer to alert him or her of this data breach and the potential exposure of personal information. We are committed to protecting our customers’ information and their privacy to ensure against any such incident in the future. We will continue to strengthen the security of our systems."
Yuen said about 10% of all customer records includes credit card data.
"The Privacy Commissioner is concerned about the incident, particularly since it may involve a large amount of sensitive, personal data," the Hong Kong Office of the Privacy Commissioner for Personal Data said.
