Privacy watchdog criticises Cathay Pacific over 2018 data breach


  • TECH
  • Friday, 07 Jun 2019

FILE PHOTO: An Airbus A330-300 passenger plane of Hong Kong airline Cathay Pacific takes off at Taoyuan International Airport, Taiwan, August 6, 2018. REUTERS/Tyrone Siu/File Photo

Airline Cathay Pacific has been found to have not followed data protection principles in relation to the security of passengers' personal data, Hong Kong's privacy watchdog said in a report published on June 6.

Last October Cathay said data on about 9.4 million of its passengers had been accessed without authorisation, adding that it had discovered suspicious activity on its network in March 2018 and that investigations in early May last year had confirmed that certain personal data had been accessed.

The breach compromised 860,000 passport numbers and about 245,000 Hong Kong identity card numbers, Cathay had reported.

Cathay Pacific shares slumped to nine-year lows after the October announcement.

In Thursday's report the commissioner for personal data, Stephen Kai-yi Wong, criticised the airline for "lax" data governance, pointing at its failure to identify common vulnerabilities and put in place measures to plug them.

"Cathay adopted a lax attitude towards data governance, which fell short of the expectation of its affected passengers and the regulator," he said, adding that the airline had retained Hong Kong identity card numbers of affected passengers longer than necessary.

A statement from the airline said it was assessing the commissioner's report, which ordered Cathay to appoint an independent data security expert to overhaul its personal data storage systems and chalk out a clear data-retention policy among other measures. – Reuters


Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 7
Cxense type: free
User access status: 3
   

Across The Star Online