Generic hacker in a hoodie

It took Chinese police only four days to arrest a hacker they believe breached the servers of two Hong Kong travel agencies, stole their data, and then asked for a ransom in Bitcoin.

The hacks took place in the first days of January and hit Big Line Holiday and Goldjoy Travel.

Neither police or the travel agencies revealed how the hacker got in, but they said he obtained a copy of their databases, which included customer names, ID numbers, passport numbers, telephone numbers, and in some cases, payment card details.

After making copies of these databases, the hacker emailed both companies, threatening to release the data online unless he was paid a ransom of 1 Bitcoin (around $15,000 at the time of the ransom demand). The hacker claimed to have information on around 200,000 customers.

Both travel agencies contacted the police and issued public statements disclosing the hack [1, 2], apologizing for the incident, and announcing subsequent maintenance operations for improving their IT infrastructure.

Hacker arrested over the weekend

According to reports from local Hong Kong press [1, 2], police arrested a 30-year-old man on Saturday, January 6. The yet-to-be-named hacker faces up to 14 years in a Chinese prison.

The man was an IT engineer, police said. Officers arrested the man at his home on the Cheung Chau island. They searched his home and his shop in the city of Kwun Tong, Hong Kong, from where they seized two desktop computers, two laptops, one tablet and five mobile smartphones.

Superintendent Swalikh Mohammed of the Cyber Security and Technology Crime Bureau said investigators tracked down the man's IP address using server logs retrieved from the two hacked travel agencies.

Police investigating ties to WWPKG ransom incident

Police are still investigating if the suspect is also behind the hack of WWPKG Holdings, Hong Kong's largest travel agency.

Back in November 2017, a hacker breached WWPKG's server, stole data on 200,000 customers, and demanded a ransom payment. The hacker encrypted some of WWPKG's files in that incident.

Instead of paying the ransom, WWPKG filed a police complaint and managed to decrypt the files with the police's help.

Article updated to correct one of the agency's names.