Ngong Ping 360 confirmed on 27 February that a cyber incident led to the theft of personal data and an accompanying ransom demand. The operator said it first noticed unusual activity on 26 February, immediately alerted the police and the Office of the Privacy Commissioner for Personal Data, and launched containment and forensic investigations.
What happened and who’s affected According to Ngong Ping 360’s preliminary review, the information taken appears to be limited mainly to names and contact details — phone numbers and email addresses — belonging to several groups connected with the attraction. Those affected include visitors, employees, annual pass holders, marketing participants, certain contractors, suppliers and tenants of Ngong Ping Village. The company says there’s no indication so far that financial information, payment card data or identity documents were accessed.
Containment, systems and safety The operator stressed that ticketing and retail e‑payment systems are hosted on segregated networks and were not part of the compromised environment. Cable‑car control and safety systems are also separated from the affected internal network, and Ngong Ping 360 says there is no risk to the physical safety of the cable car service. Normal operations between Tung Chung and Ngong Ping have continued, with extra staff deployed on site to help with queues and customer service.
Notifications and support for impacted people Ngong Ping 360 has contacted those it believes were affected and set up a dedicated enquiry hotline to answer questions. The company has published guidance urging people to watch for suspicious emails, calls or messages and to verify any unexpected requests for personal information. It also recommends checking bank and card statements and contacting card issuers if customers spot anything unusual.
Investigation and next steps An external cybersecurity firm has been engaged to carry out a forensic analysis while the operator continues its internal review. Immediate steps taken include isolating the affected network segment, tightening access controls, resetting privileged credentials, enforcing multifactor authentication where needed, patching vulnerabilities, validating backups, and reviewing third‑party access. Monitoring has been ramped up with around‑the‑clock analyst coverage.
Ngong Ping 360 confirmed it received an extortion demand and is evaluating options in consultation with law enforcement and the privacy regulator. The company says it will provide updates as verifiable information becomes available and will cooperate fully with authorities.
Accountability and remediation In its public statement the operator apologised to guests, staff and partners and pledged to strengthen protections to reduce the chances of a repeat incident. Practical next steps include completing the forensic baseline, restoring any affected segmented services, finalising regulator briefings, and implementing further controls identified by the investigation.
Where to get information Official updates will be posted through Ngong Ping 360’s channels. Anyone with concerns or who believes their information may have been exposed should use the operator’s dedicated enquiry hotline or follow the guidance issued on its website for authoritative advice.