Travel TechnologyAirline’s lax data protection and security, and delayed disclosure at fault.

Cathay cops blame for massive cyber attack

By
|
GettyImages 190607
Cathay Pacific said it has found no report of misuse of the exposed data, or of it being listed on the ‘dark web’. Photo Credit: stevanovicigor/GettyImages

Both Cathay Pacific and Cathay Dragon had customer data accessed without authorisation, with passport, ID card numbers and travel history, as well as names, dates of birth and nationalities, exposed.

The Hong Kong Privacy Commissioner’s report on last year’s Cathay Pacific data breach, aviation’s largest known privacy leak, has found the Hong Kong airline at fault.

Both Cathay Pacific and Cathay Dragon had customer data accessed without authorisation, with passport, ID card numbers and travel history, as well as names, dates of birth and nationalities, exposed.

“It is quite clear that contraventions aside, Cathay adopted a lax attitude towards data governance, which fell short of the expectation of its affected passengers and the regulator,” privacy commissioner Stephen Kai-yi Wong said in a statement.

Some 846,000 passport numbers and 243,000 ID card numbers were compromised.

Cathay did not immediately reveal that as well as passenger names, flight numbers and dates were also accessed. They did emphasise, however, that no passwords were compromised.

The airline said it has found no report of misuse of the exposed data, or of it being listed on the ‘dark web’.

Of the 9.4 million compromised passenger accounts, in 260 destinations, 3.59 million were registered to Asia Miles and Marco Polo Club, while 5.89 million had profiles with the airline.

The airline has taken measures to enhance its IT security, including in the governance of data, security, control of access, staff awareness and education and incident response.

A spokesperson said, “In today’s world, as the sophistication of cyber attackers continues to increase, we need to, and will continue to invest in and evolve our IT security systems.”


JDS Travel News JDS Viewpoints JDS Africa/MI