Questions mount over delay after Cathay Pacific admits huge data leak | Inquirer News

Questions mount over delay after Cathay Pacific admits huge data leak

/ 02:24 PM October 25, 2018

(FILES) In this file photo taken on March 15, 2017, Cathay Pacific employees work at their counters at the international airport in Hong Kong. - Shares in Hong Kong carrier Cathay Pacific plunged 6.5 percent on the morning of October 25, 2018 after it admitted to suffering a major data leak affecting up to 9.4 million passengers. (Photo by Anthony WALLACE / AFP)

In this file photo taken on March 15, 2017, Cathay Pacific employees work at their counters at the international airport in Hong Kong. (Photo by Anthony WALLACE / AFP)

Hong Kong carrier Cathay Pacific came under pressure Friday to explain why it had taken five months to admit it had been hacked and compromised the data of 9.4 million customers, including passport numbers and credit card details.

The airline said Wednesday it had discovered suspicious activity on its network in March and confirmed unauthorized access to certain personal data in early May.

Article continues after this advertisement

However, chief customer and commercial officer Paul Loo said officials wanted to have an accurate grasp on the situation before making an announcement and did not wish to “create unnecessary panic”.

FEATURED STORIES

News of the leak sent shares in Cathay, which was already under pressure as it struggles for customers, plunging more than six percent to a nine-year low in Hong Kong trading.

And local politicians slammed the carrier, saying its response had only fuelled worries.

Article continues after this advertisement

“Whether the panic is necessary or not is not for them to decide, it is for the victim to decide. This is not a good explanation at all to justify the delay,” said IT sector lawmaker Charles Mok.

Article continues after this advertisement

And Legislator Elizabeth Quat said the delay was “unacceptable” as it meant customers missed five months of opportunities to take steps to safeguard their personal data.

Article continues after this advertisement

The airline admitted about 860,000 passport numbers, 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) were accessed.

Other compromised passenger data included nationalities, dates of births, phone numbers, emails, and physical addresses.

Article continues after this advertisement

“We have no evidence that any personal data has been misused. No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised,” chief executive Rupert Hogg said in a statement Wednesday.

Probe launched

But Mok said the public needs to know how the company can prove that was the case.

“Such a statement doesn’t give people absolute confidence that we are completely safe, and it doesn’t mean that some of this data would not be misused later,” Mok told AFP.

He also pointed out that the the European Union’s new General Data Protection Regulation says any such breach should be reported within 72 hours.

Hong Kong’s privacy commissioner Stephen Wong expressed “serious concern” over the breach in a statement Thursday and said the office would initiate a compliance check with the airline.

“Organisations in general that amass and derive benefits from personal data should ditch the mindset of conducting their operations to meet the minimum regulatory requirements only,” Wong said.

“They should instead be held to a higher ethical standard that meets the stakeholders’ expectations alongside the requirements of laws and regulations,” he added.

Cathay said it had launched an investigation and alerted the police after an ongoing IT operation revealed unauthorized access of systems containing the passenger data.

The company is in the process of contacting affected passengers and providing them with solutions to protect themselves.

The troubled airline is already battling to stem major losses as it comes under pressure from lower-cost Chinese carriers and Middle East rivals.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

It booked its first back-to-back annual loss in its seven-decade history in March, and has previously pledged to cut 600 staff including a quarter of its management as part of its biggest overhaul in years.

TAGS: Airline, Asia, breach, carrier, Cathay, data, Hong Kong, Pacific, protection

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.