Cathay data leak fuels questions over delay
Print Edition
Hong Kong carrier Cathay Pacific came under pressure yesterday to explain why it had taken five months to admit it had been hacked and compromised the data of 9.4 million customers, including passport numbers and credit card details.
The airline said on Wednesday it had discovered suspicious activity on its network in March and confirmed unauthorized access to certain personal data in early May.
However, chief customer and commercial officer Paul Loo said officials wanted to have an accurate grasp on the situation before making an announcement and did not wish to 鈥渃reate unnecessary panic.鈥
Local politicians slammed the carrier, saying its response had only fuelled worries.
鈥淲hether the panic is necessary or not is not for them to decide, it is for the victim to decide. This is not a good explanation at all to justify the delay,鈥 said IT sector lawmaker Charles Mok.
And legislator Elizabeth Quat said the delay was 鈥渦nacceptable鈥 as it meant customers missed five months of opportunities to take steps to safeguard their personal data.
The airline admitted about 860,000 passport numbers, 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) were accessed.
Other compromised passenger data included nationalities, dates of births, phone numbers, e-mails, and physical addresses.
鈥淲e have no evidence that any personal data has been misused. No-one鈥檚 travel or loyalty profile was accessed in full, and no passwords were compromised,鈥 Chief Executive Rupert Hogg said in a statement on Wednesday.
But Mok said the public needs to know how the company can prove that was the case. 鈥淪uch a statement doesn鈥檛 give people absolute confidence that we are completely safe, and it doesn鈥檛 mean that some of this data would not be misused later,鈥 Mok said.
He also pointed out that the European Union鈥檚 new General Data Protection Regulation says any such breach should be reported within 72 hours.
Hong Kong鈥檚 privacy commissioner Stephen Wong expressed 鈥渟erious concern鈥 over the breach in a statement yesterday and said the office would initiate a compliance check with the airline.
鈥淥rganizations in general that amass and derive benefits from personal data should ditch the mindset of conducting their operations to meet the minimum regulatory requirements only,鈥 he said.
鈥淭hey should instead be held to a higher ethical standard that meets the stakeholders鈥 expectations alongside the requirements of laws and regulations.鈥
Cathay said it had launched an investigation and alerted the police after an ongoing IT operation revealed unauthorized access of systems containing the passenger data. The company is in the process of contacting affected passengers and providing them with solutions to protect themselves.
Cathay is already battling to stem major losses as it comes under pressure from lower-cost fellow Chinese carriers and Middle East rivals.
It booked its first back-to-back annual loss in its 70-year history in March, and has previously pledged to cut 600 staff, including a quarter of its management as part of its biggest overhaul in years.
The troubled airline did not mention financial compensation for passengers affected by the data leak, but British Airways pledged to compensate customers when the United Kingdom flag carrier suffered a data hack last month.
BA revealed in September that personal and financial details of about 380,000 customers who booked flights on the group鈥檚 website and mobile phone app over several weeks had been stolen.
- About Us
- |
- Terms of Use
- |
-
RSS - |
- Privacy Policy
- |
- Contact Us
- |
- Shanghai Call Center: 962288
- |
- Tip-off hotline: 52920043
- 娌狪CP璇侊細娌狪CP澶05050403鍙-1
- |
- 浜掕仈缃戞柊闂讳俊鎭湇鍔¤鍙瘉锛31120180004
- |
- 缃戠粶瑙嗗惉璁稿彲璇侊細0909346
- |
- 骞挎挱鐢佃鑺傜洰鍒朵綔璁稿彲璇侊細娌瓧绗354鍙
- |
- 澧炲肩數淇′笟鍔$粡钀ヨ鍙瘉锛氭勃B2-20120012
Copyright 漏 1999- Shanghai Daily. All rights reserved.Preferably viewed with Internet Explorer 8 or newer browsers.
