Hong Kong’s privacy watchdog has renewed its demand that Facebook notify its 3 million users in the city that their personal data has been leaked online, after the US social media giant failed to respond to a similar request made two days ago.

The city’s privacy commissioner for personal data, Ada Chung Lai-ling, on Tuesday said her office first contacted Facebook’s Hong Kong office on Sunday, the day news broke of a massive leak involving more than 500 million users worldwide.

“We wrote to Facebook immediately and have been in contact with its staff. They told us the data was from a leak that took place in 2019. The data concerned included usernames, Facebook IDs, email addresses, phone numbers, locations, dates of birth and their bios,” Chung told an RTHK programme on Tuesday.

Hong Kong’s privacy commissioner has now twice requested that Facebook notify Hong Kong users directly about the recent leak of their personal information.


Her office has requested the California-based firm inform Hong Kong users of the leak as soon as possible, as those affected could still be using the same phone numbers and email addresses they were two years ago.

“They still have not responded to us on this officially, but we have already reminded them. Facebook must handle the problem quickly and properly,” Chung added.

Shortly after the data emerged online, Facebook revealed it had been hacked in 2019 and said the security issue had been fixed in August of that year.

Local media reports have suggested lawmaker Regina Ip Lau Suk-yee, a former security minister, was among those whose personal data was made publicly available. According to Francis Fong Po-kiu, honorary president of the Hong Kong Information Technology Federation, the web page carrying the leaked information was no longer accessible as of Tuesday.

Chung, the privacy commissioner, expressed concern that criminals could use the data for nefarious purposes such as stealing identities to borrow money.

“Even though the data was from an old leak, it can still be used [by criminals],” she said.

“Some people may pretend that they know you, because they already have some information about you, then try to gather more personal information.”

She urged Facebook users to update their passwords and begin using a two-step verification process.

While no reports have indicated passwords were compromised, Facebook did not comment when the Post asked about the issue on Tuesday, nor did it pledge to notify affected users.

“We have been in contact with the Office of the Privacy Commissioner for Personal Data about the incident, and clarified that this is old data that was previously reported on in 2019. We found and fixed this issue in August 2019. We will continue to keep in close contact with the office in regards to their inquiries,” a Facebook spokesman replied.

While Facebook said the issue had long been fixed, Fong, the IT expert, said: “The data has already been leaked. What’s done cannot be undone.”

“The data has already been leaked for two years. What have hackers done with this data? … We don’t know if the data included passwords. The set of data made public doesn’t contain passwords, but it doesn’t mean the hackers don’t have them,” he added.

He urged Hongkongers to use different passwords for different internet platforms.

Facebook has been battling data security problems for years. In 2018, it was revealed that political consultancy Cambridge Analytica accessed the information of about 87 million Facebook users without their consent. Facebook later disabled a feature that allowed anyone to search for users via their phone numbers.