On Thursday Dec 21, Hong Kong’s privacy watchdog served Carousell with an enforcement notice to implement cybersecurity measures after it found the marketplace operator to be in contravention of data privacy law in the special administrative region.

Carousell was directed by the Office of the Privacy Commissioner for Personal Data (PCPD) to engage an independent data security expert, ensure the security of personal data of local users and provide documentary proof of the implementation of these measures to Privacy Commissioner Ada Chung Lai-ling within two months.

announced its decision after completing a ten-month investigation into the leakage of the personal data of 2.6 million Carousell users worldwide, including more than 320,000 in Hong Kong.

The investigation was initiated after Carousell notified the PCPD in October last year about a listing in an online forum that offered the personal data of its users for sale.

This arose from a data breach that occurred during a system migration at the company in January 2022. However, the leak included neither payment card nor password information, according to Carousell.

Founded in 2012 and based in Singapore. marketplaces operator Carousell Group is also present in Malaysia, Indonesia, the Philippines and Taiwan.

Print Friendly, PDF & Email

Related Articles