Cathay Pacific enlists UK company to assist with data breach
Cathay Pacific Airways has enlisted a firm that was once caught up in a hacking scandal to help deal with the fallout of a data breach that affected more than 9-million passengers.
Asia’s biggest international carrier is offering customers hit by the hack, which resulted in passport details to e-mails being illegally accessed, the option to take up a service provided by Experian to monitor whether their information is being misused online.
The England-based credittracking firm had its own experience with hacking in 2015, when a breach resulted in the data of 15-million subscribers of T-Mobile US held on Experian’s servers exposed. The company was sued over the incident, along with the telecommunications provider.
Cathay has lost more than $320m in market value since news of the hack broke, as investors and customers question the company’s handling of the situation. The airline, which said it first discovered the breach in March and confirmed it in May, did not disclose it until October 24, in a statement to the Hong Kong stock exchange.
When queried on Experian’s history by Bloomberg News, Cathay declined to comment.
The airline said the time taken to disclose the breach was mainly due to the complexity of the data, and because the event required considerable investigation. “We are focused now on assisting affected customers.”
The airline is the latest company to have its data hacked, with Facebook and fellow air carriers British Airways and Delta Air Lines targeted over the past year.
While firms have spent millions of dollars on sophisticated tools to shield their computer networks from attack, data security has become increasingly challenging. Hackers are on the rise, with many stealing troves of data that can be sold on the black market.
Experian helps track stolen data, when it shows up on websites, chat rooms, blogs or for sale in corners of the internet, often known as dark websites.
It is entirely up to the user to decide how much information they want to share if they choose to subscribe to the oneyear, free service, Cathay said in e-mails to affected passengers offering the service.
The security of customer data is “top priority” and Experian aims to provide protection and assistance to those affected, Sisca Margaretta, the company’s Singapore-based chief marketing officer for Asia Pacific, said. Referring to the past incidents, she said Experian’s consumer credit database was not accessed and no payment card or banking data was obtained.
“We actively monitor our systems and are continually updating our security protocols to protect data stored on our systems,” she said.
Laura Gabriela Politis, a Cathay Pacific customer, said she is not sure she will take up the offer to use the Experian service. “That company has [had] a data breach themselves and they’re asking for more information when your data has been compromised. I still don’t understand why it took them months to let us know.”
The information accessed in the Cathay hack included names, nationalities, dates of birth, phone numbers, e-mails, physical addresses, numbers for passports, identity cards and frequent-flier programmes, as well as travel information.
Flight safety was not compromised and there was no evidence any data has been misused, Cathay said, without giving details of the attack.