The Privacy Commissioner for Personal Data (PCPD) and the Hong Kong Police Force have launched investigations into executive search firm aimHigher, after the firm allegedly leaked personal data of candidates.
Ming Pao reported that the incident came to light when an applicant uploaded his CV onto aimHigher’s website. Upon receiving the confirmation email from the company, he suspected the link of his CV on the company’s website had not been encrypted.
He tried if he could potentially gain access to the personal data of other candidates simply by altering the digits on a code contained in the link and succeeded. He believed it is a breach of privacy and decided to file a complaint with the PCPD.
Privacy Commissioner for Personal Data Stephen Wong Kai Yi said in a statement to Human Resources he is highly concerned about the incident.
“We are currently looking into the case and it is of particular concern because it involves the personal information of a large number of candidates. Details containing the name, address, telephone number, date of birth, identity card number, education and work experience of candidates were exposed,” said Wong.
“If a company has exposed clients’ or job applicants’ personal data to unauthorised access, even if it is an accident, the company will still have breached the data security principles under the Personal Data (Privacy) Ordinance,” he added.
Speaking to Human Resources, aimHigher’s executive director Joseph Oei, said an internal investigation revealed that there had been a number of cases of unauthorised access to candidates’ CVs through the company’s website.
“In order to protect from any further unauthorised access through our website, immediate action has been taken. We have ceased the operation of our website so that no CVs can now be accessed through our website whatsoever.”
“We take this unauthorised access to the data from our website very seriously. Apart from cooperating closely with the Privacy Commissioner concerning the leakage, we have reported the incident to the police for them to investigate if there is any element of crime involved,” said Oei.
At the time of publishing, aimHigher’s website cannot be accessed.