The operator of Hong Kong's Ngong Ping 360 cable car attraction detected irregularities in its internal network on Thursday and alerted police and the Office of the Privacy Commissioner for Personal Data. An investigation confirmed that certain data had been stolen, with the company facing a ransom demand. The firm has apologised to guests, employees, and stakeholders for the incident.
The operator of Hong Kong's Ngong Ping 360 cable car attraction detected irregularities in its internal network system on Thursday and promptly alerted police and the Office of the Privacy Commissioner for Personal Data. On Friday, the company stated that a subsequent investigation confirmed certain data had been stolen and that it was subjected to a ransom demand. The operator emphasised that the compromised internal network was separate from the cable car operation system, and safety as well as electronic payment data remained unaffected.
A preliminary assessment revealed that the breach compromised information about staff, annual pass holders, suppliers, and tenants at Ngong Ping Village, along with guests on promotional lists. The involved guest data consists of names and contact details, such as phone numbers or email addresses, the company said. “Ngong Ping 360 deeply apologises for any inconvenience caused to guests, employees and relevant stakeholders by this incident,” it added.
Ngong Ping 360 is a popular cable car attraction linking Tung Chung to Ngong Ping on Lantau Island, leading to the Tian Tan Buddha. This incident highlights cybersecurity challenges in the tourism sector, though the operator assured that cable car operations continue normally without impacting visitor safety.