City Cruises

Published on Friday, June 7, 2019

Cathay slammed for 'lax' data security following hack


Hong Kong's privacy watchdog was highly critical of Cathay Pacific's data security standards in an investigation report into last year's huge data breach.

Hong Kong's commissioner for personal data Stephen Kai-yi Wong called out Cathay's 'lax' data security management.

Data on more than nine million passengers was compromised in a breach which was discovered last October, with 860,000 passport numbers accessed as well as about 245,000 Hong Kong identity card numbers.

The commissioner's report criticised the airline for holding on to personal ID card data longer than was necessary.

"Cathay adopted a lax attitude towards data governance, which fell short of the expectation of its affected passengers and the regulator," he said.

It failed to spot common vulnerabilities in its data protection system and take action to plug the gaps, the report said.

Cathay acknowledged it had discovered some suspicious activity on its network back in March 2018 and in May 2018 got confirmation that some data had been accessed.

The airline said it is assessing the report's findings, which requires it to appoint an independent data security expert to revamp its personal data storage systems and set out a data-retention policy.

Cathay has already taken action to enhance security in data governance, network security and access control, it said in a statement.

Story Image

Your Comments

, be the first to post a comment.
Your email:

Email other comments made to this story

NOTE: Comments are subject to admin approval before being posted.
Mole Poll
'WTTC names cities at risk of over-tourism' - Has this issue affected the destinations you sell?
YES 60.21 %
NO 39.79 %

Thank you for your vote


Move scroll bar (above) left to right for more videos!