Cathay Pacific faces ire over data hacking
The airline did not disclose info leak of 9.4 million passengers for 5 months
Hong Kong carrier Cathay Pacific came under pressure on Thursday to explain why it had taken five months to admit it had been hacked and compromised the data of 9.4 million customers, including passport numbers and credit card details.
The airline said on Wednesday it had discovered suspicious activity on its network in March and confirmed unauthorised access to certain personal data in early May.
However, chief customer and commercial officer Paul Loo said officials wanted to have an accurate grasp on the situation before making an announcement and did not wish to “create unnecessary panic”.
News of the leak sent shares in Cathay, which was already under pressure as it struggles for customers, plunging more than six per cent to a nine-year low in Hong Kong trading.
Local politicians slammed the carrier, saying its response had only fuelled worries.
“Whether the panic is necessary or not is not for them to decide, it is for the victim to decide. This is not a good explanation at all to justify the delay,” said IT sector lawmaker Charles Mok.
And legislator Elizabeth Quat said the delay was “unacceptable” as it meant customers missed five months of opportunities to take steps to safeguard their personal data.
The airline admitted about 860,000 passport numbers, 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) were accessed.
Other compromised passenger data included nationalities, dates of births, phone numbers, emails, and physical addresses.
“We have no evidence that any personal data has been misused. No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised,” chief executive Rupert Hogg said in a statement on Wednesday.
The airline said about 860,000 passport numbers, 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit cards with no CVVwere accessed by hackers