Regina Ip Lau Suk-yee, a lawmaker, said there was no possibility government documents related to her role as a member of Chief Executive Leung Chun-ying's Executive Council could have been leaked during the hack. A spokeswoman for the Chief Executive's Office confirmed Exco documents were never delivered by email.
The New People's Party chairwoman believes she fell prey to the hackers when she opened an attachment on an email purportedly from MTR Corporation chairman Dr Raymond Chien Kuo-fung last Sunday.
"He wrote in the email, 'Regina, I need help. Urgent. Please open the attachment'," Ip said. "I thought a friend needed help so I opened the attachment at once. I guess that's when I fell into the trap."
She added that Chien emailed her hours later, saying his account had been hacked and advising her to change her password. "Because I was busy, I forgot to change the password," Ip said.
Ip only found out about the hack last Tuesday when a member of staff from her bank contacted her tell her a US$65,000 (HKD$500,000) transfer had gone through, and another transfer had been requested. It is understood the money was moved out of Ip's account in Switzerland to an account in the US.
"I believe (the hackers) found … instructions I once made to the bank to transfer a sum in US dollars to an account in the United States," Ip said. "They then forged a letter to instruct the bank to make a US$65,000 transfer."
It is unclear whether Ip will have the money reimbursed but there were reports the bank involved is willing to compensate for her loss.
A police spokesman said the case is being treated as one of obtaining property by deception. No arrests have been made.
Police figures show a 25 per cent fall in cases involving unauthorised access to computers last year compared to 2013. However, the total sum stolen from 2014 rose by 31 per cent to HK$1 billion.
The public is advised to avoid downloading documents from unknown sources, to change passwords regularly and avoid using the same password for multiple accounts.