Connect with us

Hi, what are you looking for?

World

Questions mount over delay after Cathay Pacific admits huge data leak

-

Hong Kong carrier Cathay Pacific came under pressure Thursday to explain why it had taken five months to admit it had been hacked and compromised the data of 9.4 million customers, including passport numbers and credit card details.

The airline said Wednesday it had discovered suspicious activity on its network in March and confirmed unauthorised access to certain personal data in early May.

However, chief customer and commercial officer Paul Loo said officials wanted to have an accurate grasp on the situation before making an announcement and did not wish to "create unnecessary panic".

News of the leak sent shares in Cathay, which was already under pressure as it struggles for customers, plunging more than six percent to a nine-year low in Hong Kong trading.

Local politicians slammed the carrier, saying its response had only fuelled worries.

"Whether the panic is necessary or not is not for them to decide, it is for the victim to decide. This is not a good explanation at all to justify the delay," said IT sector lawmaker Charles Mok.

The Cathay Pacific passenger data compromised by hackers included passport and ID card numbers  cred...
The Cathay Pacific passenger data compromised by hackers included passport and ID card numbers, credit card informatiion, phone numbers, emails and physical addresses
Anthony WALLACE, AFP/File

And legislator Elizabeth Quat said the delay was "unacceptable" as it meant customers missed five months of opportunities to take steps to safeguard their personal data.

The airline admitted about 860,000 passport numbers, 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) were accessed.

Other compromised passenger data included nationalities, dates of births, phone numbers, emails, and physical addresses.

- Probe launched -

"We have no evidence that any personal data has been misused. No-one's travel or loyalty profile was accessed in full, and no passwords were compromised," chief executive Rupert Hogg said in a statement Wednesday.

But Mok said the public needs to know how the company can prove that was the case.

"Such a statement doesn't give people absolute confidence that we are completely safe, and it doesn't mean that some of this data would not be misused later," Mok told AFP.

He also pointed out that the the European Union's new General Data Protection Regulation says any such breach should be reported within 72 hours.

Cathay Pacific is battling to stem major losses as it comes under pressure from lower-cost Chinese c...
Cathay Pacific is battling to stem major losses as it comes under pressure from lower-cost Chinese carriers and Middle East rivals
Anthony WALLACE, AFP/File

Hong Kong's privacy commissioner Stephen Wong expressed "serious concern" over the breach in a statement Thursday and said the office would initiate a compliance check with the airline.

"Organisations in general that amass and derive benefits from personal data should ditch the mindset of conducting their operations to meet the minimum regulatory requirements only," Wong said.

"They should instead be held to a higher ethical standard that meets the stakeholders' expectations alongside the requirements of laws and regulations," he added.

Cathay said it had launched an investigation and alerted the police after an ongoing IT operation revealed unauthorised access of systems containing the passenger data.

The company is in the process of contacting affected passengers and providing them with solutions to protect themselves.

- Struggling business -

Cathay Pacific is already battling to stem major losses as it comes under pressure from lower-cost Chinese carriers and Middle East rivals.

It booked its first back-to-back annual loss in its seven-decade history in March, and has previously pledged to cut 600 staff including a quarter of its management as part of its biggest overhaul in years.

The troubled airline did not mention financial compensation for passengers affected by the data leak, but British Airways pledged to compensate customers when the UK flag carrier suffered a data hack last month.

BA revealed in September that personal and financial details of about 380,000 customers who booked flights on the group's website and mobile phone app over several weeks had been stolen.

The leak is the latest to hit global companies in recent years.

Facebook revealed last month that up to 50 million accounts were breached by hackers, while ride-sharing giant Uber was vilified after a breach in 2016 of data on 57 million of its riders and drivers was revealed only in November 2017.

In April, the holding company of Yahoo was fined $35 million by US regulators because it had not informed them until this year that hackers had stolen "crown jewel" data including email addresses and passwords.

And in US credit bureau Equifax identified almost 150 million American consumers' personal details had been exposed by a massive data breach that sparked a public outcry and a congressional probe.

In 2011 Sony suffered a massive breach that compromised more than 100 million accounts and forced it to temporarily halt its PlayStation Network and Qriocity services.

Hong Kong carrier Cathay Pacific came under pressure Thursday to explain why it had taken five months to admit it had been hacked and compromised the data of 9.4 million customers, including passport numbers and credit card details.

The airline said Wednesday it had discovered suspicious activity on its network in March and confirmed unauthorised access to certain personal data in early May.

However, chief customer and commercial officer Paul Loo said officials wanted to have an accurate grasp on the situation before making an announcement and did not wish to “create unnecessary panic”.

News of the leak sent shares in Cathay, which was already under pressure as it struggles for customers, plunging more than six percent to a nine-year low in Hong Kong trading.

Local politicians slammed the carrier, saying its response had only fuelled worries.

“Whether the panic is necessary or not is not for them to decide, it is for the victim to decide. This is not a good explanation at all to justify the delay,” said IT sector lawmaker Charles Mok.

The Cathay Pacific passenger data compromised by hackers included passport and ID card numbers  cred...

The Cathay Pacific passenger data compromised by hackers included passport and ID card numbers, credit card informatiion, phone numbers, emails and physical addresses
Anthony WALLACE, AFP/File

And legislator Elizabeth Quat said the delay was “unacceptable” as it meant customers missed five months of opportunities to take steps to safeguard their personal data.

The airline admitted about 860,000 passport numbers, 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) were accessed.

Other compromised passenger data included nationalities, dates of births, phone numbers, emails, and physical addresses.

– Probe launched –

“We have no evidence that any personal data has been misused. No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised,” chief executive Rupert Hogg said in a statement Wednesday.

But Mok said the public needs to know how the company can prove that was the case.

“Such a statement doesn’t give people absolute confidence that we are completely safe, and it doesn’t mean that some of this data would not be misused later,” Mok told AFP.

He also pointed out that the the European Union’s new General Data Protection Regulation says any such breach should be reported within 72 hours.

Cathay Pacific is battling to stem major losses as it comes under pressure from lower-cost Chinese c...

Cathay Pacific is battling to stem major losses as it comes under pressure from lower-cost Chinese carriers and Middle East rivals
Anthony WALLACE, AFP/File

Hong Kong’s privacy commissioner Stephen Wong expressed “serious concern” over the breach in a statement Thursday and said the office would initiate a compliance check with the airline.

“Organisations in general that amass and derive benefits from personal data should ditch the mindset of conducting their operations to meet the minimum regulatory requirements only,” Wong said.

“They should instead be held to a higher ethical standard that meets the stakeholders’ expectations alongside the requirements of laws and regulations,” he added.

Cathay said it had launched an investigation and alerted the police after an ongoing IT operation revealed unauthorised access of systems containing the passenger data.

The company is in the process of contacting affected passengers and providing them with solutions to protect themselves.

– Struggling business –

Cathay Pacific is already battling to stem major losses as it comes under pressure from lower-cost Chinese carriers and Middle East rivals.

It booked its first back-to-back annual loss in its seven-decade history in March, and has previously pledged to cut 600 staff including a quarter of its management as part of its biggest overhaul in years.

The troubled airline did not mention financial compensation for passengers affected by the data leak, but British Airways pledged to compensate customers when the UK flag carrier suffered a data hack last month.

BA revealed in September that personal and financial details of about 380,000 customers who booked flights on the group’s website and mobile phone app over several weeks had been stolen.

The leak is the latest to hit global companies in recent years.

Facebook revealed last month that up to 50 million accounts were breached by hackers, while ride-sharing giant Uber was vilified after a breach in 2016 of data on 57 million of its riders and drivers was revealed only in November 2017.

In April, the holding company of Yahoo was fined $35 million by US regulators because it had not informed them until this year that hackers had stolen “crown jewel” data including email addresses and passwords.

And in US credit bureau Equifax identified almost 150 million American consumers’ personal details had been exposed by a massive data breach that sparked a public outcry and a congressional probe.

In 2011 Sony suffered a massive breach that compromised more than 100 million accounts and forced it to temporarily halt its PlayStation Network and Qriocity services.

AFP
Written By

With 2,400 staff representing 100 different nationalities, AFP covers the world as a leading global news agency. AFP provides fast, comprehensive and verified coverage of the issues affecting our daily lives.

You may also like:

Entertainment

On Friday, October 4th, actor and singer Juan Pablo Di Pace performed at 54 Below in New York City. Michael Orland served as his...

Social Media

A Prague hospital said it was treating five children who had swallowed magnets following a "piercing challenge" they had found on TikTok.

World

Raymonde Desiree, a member of the Chagossian community living in Crawley, south of London - Copyright AFP ANDREW CABALLERO-REYNOLDSMarie HEUCLINRaymonde Desiree was 25 when...

World

Rubble in a central Israeli city in the aftermath of the Iranian missile attack, Tehran's second-ever direct strike on its regional foe - Copyright...