Cyber security incident refers to any unauthorized access, use or modification to the University’s IT resources including end-points, servers, applications, network and data. Such accesses, uses or modifications usually happen in the form of:

• Computer viruses or malicious codes
• Hoaxes or scams enticing individuals to surrender confidential information
• Manual or automated hacking activities
• Leaks or breach of restricted or confidential data

In particular, when a cyber security incident involves (or is believed to involve) leakage or breach of personal data, the incident should be considered a Personal Data Incident. In compliance with the Hong Kong Data Privacy Ordinance, such incidents need to be further reported to the Hong Kong Government via the University Data Privacy Officer according to the guidelines detailed in the University’s Personal Data Privacy Policy.

For the protection of individuals, units and the University as a whole, cyber security incidents should be handled properly according to the Cyber Security Incident Handling Policy.