Travel Expert (Asia) Enterprises Limited Reports Unauthorized Access to Information Systems

Key Points from the Announcement

• Unauthorized Access Incident: The Group discovered unauthorized access to certain internal servers and shared storage systems. Data involved may include customer orders, operational records, employee files, and system data.
• Immediate Response Measures: The company has initiated several actions, including:
  • Establishing an internal emergency committee for coordinated response
  • Appointing independent cybersecurity experts for a comprehensive forensic investigation
  • Reporting the incident to the Hong Kong Police Force and the Office of the Privacy Commissioner for Personal Data, Hong Kong
  • Activating its business continuity plan and using cloud-based collaboration tools to maintain continuity of new orders and services, as well as data security
• Credit Card Data Not Affected: All credit card-related operations are outsourced to third-party payment processors or banks, ensuring no risk of credit card information leakage.
• Business Operations Remain Stable: Initial assessments show no significant impact to overall business operations. The company is still evaluating the effects on specific internal processes.
• Ongoing Oversight and Communication: The Board is monitoring developments closely and will provide further updates in accordance with regulatory requirements, including any customer data security risk updates to the Office of the Privacy Commissioner for Personal Data.
• Commitment to Data Security: The Group has reaffirmed its commitment to strengthening information system security to prevent future incidents.

Important Information for Shareholders and Potential Investors

• Potentially Price-Sensitive Information:
  • The incident involves unauthorized access to sensitive internal data, including customer and employee information, which could potentially impact customer confidence, operational processes, and reputational risk.
  • The company has not confirmed the exact scope of affected data and is pending a third-party forensic investigation. Any negative findings or further disclosures could be material and affect share value.
  • Business continuity measures have been activated, and preliminary assessments show stable operations, but the company warns that the impact on specific internal processes is still being evaluated.
  • The company has committed to making further announcements as required under Rule 13.09(2) of the Listing Rules and Part XIVA of the Securities and Futures Ordinance. Investors should monitor updates closely as new information may emerge.
• Risk Mitigation: Outsourcing of credit card transactions to third parties is a positive sign, removing direct exposure to payment data leakage.
• Caution Advised: Management advises shareholders and investors to exercise caution when dealing in the company’s shares, as the information is based on preliminary assessments and further developments are possible.

Details and Management Response

• Incident Discovery: The Group recently identified unauthorized access to its internal systems. Data potentially affected includes customer orders, operational records, employee files, and system data. Confirmation of affected data is pending from independent cybersecurity experts.
• Cybersecurity and Recovery Actions: The Group is appointing a third-party professional organization for data recovery, and independent cybersecurity experts are conducting a comprehensive forensic investigation.
• Regulatory Reporting: The incident has been reported to relevant authorities, including the Hong Kong Police Force and the Office of the Privacy Commissioner for Personal Data.
• Business Continuity: The Group activated its business continuity plan, utilizing cloud-based tools to ensure ongoing operations and data security. There is no significant disruption to business operations.
• Board Oversight: The Board remains actively engaged in monitoring the situation, with ongoing assessment of internal process impacts and plans for further announcements as necessary.
• Commitment to Security: Travel Expert (Asia) Enterprises Limited reiterates its commitment to reinforce information system security and defend against similar incidents in the future.

Executive Team at the Date of Announcement

The Board comprises Mr. Ko Wai Ming, Daniel (Chairman), Ms. Cheng Hang Fan, and Mr. Ko Chun Wang, Kelvin as Executive Directors, and Mr. Chau Kwok Wing, Kelvin, Mr. Mak King Sau, and Mr. Tse Kam Tim as Independent Non-executive Directors.

Conclusion

This incident of unauthorized access to internal information systems is an important development for shareholders and potential investors. The company’s swift response and transparency in reporting are positive, but uncertainty remains regarding the full scope and impact. Investors should exercise caution and stay alert for further announcements, as new information could materially affect share value.

Disclaimer: This article is for informational purposes only and does not constitute investment advice. The information is based on the preliminary assessment provided by Travel Expert (Asia) Enterprises Limited and may be subject to change. Investors are advised to exercise caution and consult with professional advisors before making any investment decisions.

View TRAVEL EXPERT Historical chart here