CATHAY Pacific has apologised to its customers for any concern they may have experienced over a massive data breach of its systems detected back in Mar.
The Hong Kong-based carrier has faced widespread criticism for failing to report the data incident sooner, electing to wait seven months before going public.
Hong Kong Privacy Commissioner Stephen Kai-yi Wong “expressed serious concern” over the way Cathay Pacific handled the breach, suggesting airlines should attempt to “bridge the gap” between their legal requirements and data ethics.
Currently there is no legal obligation in Hong Kong for data breaches to be reported.
However Cathay Pacific’s Chief Executive Officer Rupert Hogg said the airline conducted a thorough investigation once the breach was identified.
“We acted immediately to contain the event…with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures,” Hogg said.
“We are in the process of contacting affected passengers… we have no evidence that any personal data has been misused”.
Personal data accessed included passenger name, nationality, date of birth, phone number, email, address, passport number, identity card number, frequent flyer program membership numbers, and historical travel information.
Any passengers who believe they may have been affected by the breach are encouraged by Cathay Pacific to visit the dedicated website: infosecurity.cathaypacific.com.
Source: traveldaily