Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > Cathay Pacific | Marco Polo Club
Reload this Page >

9.4 million passengers’ data stolen from CX

9.4 million passengers’ data stolen from CX

    Hide Wikipost
Old Nov 1, 18, 1:34 pm   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: kaka
Wiki Link
Cathay Pacific information site:
https://infosecurity.cathaypacific.com/en_HK.html

If you want to hold CX to legal standing for the loss of private data, the best shot would be using EU GDPR regulations:
What to write to DPO/CX ([email protected]) according to EU GDPR in very short... (ref #177)
(if CX is seen as a HK company, then EU GDPR would apply to all EU Citizen inc valid and expired (not renounced) BNO Holders; and if CX is seen managed by John Swire & Sons Ltd in the UK via Swire, then Data Protection Act 2018 (of UK) which includes GDPR would apply to EVERYONE)
  • ask for data that CX hold on you
  • highlight specifically which data was lost
    (there's a few things you could ask them according to GPDR... refer to the website)
They have 1 month to respond or they will have to give you a reasonable timeframe where they have to respond by within the 1 month before you can go to ICO.

If you are seeking compensation from CX the loss of private data, the following sites are dealing with class action against CX (not a legal advise)
Print Wikipost

Old Oct 27, 18, 7:19 am
  #151  
 
Join Date: Dec 2007
Location: BOS
Programs: DL Gold, BA Silver
Posts: 189
Originally Posted by go_around View Post
... just received the email that the following were taken (less bad than others..?):

- address
- name
- title

I have not received an email yet relating to my own data. Neither of us are MP, but both have an AM account.
Matches my situation exactly, with the adds that my AM account is dormant and I'm a US citizen.
Gerbs is offline  
Old Oct 27, 18, 10:25 am
  #152  
 
Join Date: Dec 2000
Location: HKG
Programs: AA 3MM CK, SQ Solitaire, LH SEN, CX DM, GP Courtesy Card, Marriott LT Titanium
Posts: 2,961
Originally Posted by AviationAddict View Post
Hahaha. We always see a lot of people on this forum and in Hong Kong saying 'I'm not flying CX anymore due to the bad service, poor catering, always delayed flight etc.' but most CX flights are still packed.. I wonder why too hmm lol
You'll be surprised at how many people in HK who actually don't read or know about any daily news and never read their email (if they even have email accounts) to know that this data leak happened at all....
kaka and jetsetter1k like this.
tfung is offline  
Old Oct 27, 18, 12:45 pm
  #153  
 
Join Date: Jan 2016
Location: LON
Programs: BAEC, Accor
Posts: 1,537
I was expecting something to crop up for myself. And this afternoon the email arrived.

I have a dormant MP profile (used to have a CX Gold from UK Amex).
But I booked in Jan 18 and flew with CX back in May 18 but the booking had no linkage to my old MP profile and was just booked on the CX website and I used BA for status and earning. So for someone with a dormant MP profile and a recent booking not linked to a CX login, the damage was:

These specific types of personal data about you were accessed:
  • Address
  • Name
  • Title
Your travel or loyalty profile was not accessed in full, and your password was not compromised.
plunet is offline  
Old Oct 28, 18, 12:00 am
  #154  
 
Join Date: Jan 2011
Location: Hong Kong
Programs: CX
Posts: 1,715
Originally Posted by AviationAddict View Post
Hahaha. We always see a lot of people on this forum and in Hong Kong saying 'I'm not flying CX anymore due to the bad service, poor catering, always delayed flight etc.' but most CX flights are still packed.. I wonder why too hmm lol
I don't think this is unique to HK or CX... take a look at sections for other US carriers, and you'll see a lot of these types of posts.
CX HK is offline  
Old Oct 28, 18, 8:30 am
  #155  
 
Join Date: Apr 2014
Location: Haute-Vienne, France
Posts: 244
Well, I attempted to log in to my Asia Miles account and my Cathay account today but my passwords didn't work so it looks like they've been changed but not by me. It took a while to get a new password registered and several attempts because the SMS verification code was not coming through for some reason. Looked at my account and nothing has been stolen as far as I can see.
Lussac is offline  
Old Oct 28, 18, 12:35 pm
  #156  
 
Join Date: Feb 2015
Location: BKK, HKG, NYC, MAD, PVR
Programs: Cathay, BA, UA
Posts: 52
What cross me here is the fact that it takes them months to inform us.

from what I read i could not find the breach if it’s just in March or ongoing, anyone knows?

I have got my name title passport number HKID, phone number, email, birthday, travel history, address assessed. They said the account wasn’t assess in full, the only thing they haven’t got were meal and seat preference and my redemption group details.

I know some Turkish-born Italian guy who lives in Italy got his passport fraud and when he travelled to France he got custody for 48 hours and treated as terrorist suspect. He spent thousands of Euros to rectify the situation.

speaking of which all those info one can easy use the identity of someone.
kaka likes this.
diablo_josito is offline  
Old Oct 28, 18, 11:34 pm
  #157  
sxc
Moderator, Cathay Pacific
Accor Contributor Badge
 
Join Date: Dec 2004
Programs: CX Green, QF Platinum, BAEC Gold, Hyatt Glob
Posts: 9,972
Cathay Pacific calls in police to investigate massive data breach
https://sc.mp/uaw6z

It’s quite incredible that given CX said the delay to revealing the breach was to do their due diligence around the details, and only now have the police been called in.
kaka, QRC3288 and HarbourGent like this.
sxc is offline  
Old Oct 28, 18, 11:44 pm
  #158  
 
Join Date: May 2017
Programs: AY Plat, HH D, BW DS
Posts: 303
Originally Posted by sxc View Post
Cathay Pacific calls in police to investigate massive data breach
https://sc.mp/uaw6z

It’s quite incredible that given CX said the delay to revealing the breach was to do their due diligence around the details, and only now have the police been called in.
Have to bury the bodies first before calling the police, am I right?
kaka and blum81 like this.
SuloL is online now  
Old Oct 29, 18, 12:08 am
  #159  
 
Join Date: Jan 2011
Location: Hong Kong
Programs: CX
Posts: 1,715
Originally Posted by SuloL View Post
Have to bury the bodies first before calling the police, am I right?
Seriously... now that the police are called in, CX's PR department will have a much easier job - "This "incident" is now under police investigation and we are unable to comment any further."
percysmith likes this.
CX HK is offline  
Old Oct 29, 18, 1:39 am
  #160  
 
Join Date: Jun 2015
Location: Dubai
Programs: Flying Blue, Marco Polo, Skywards, Etihad Guest, IHG
Posts: 244
So yesterday I finally received e-mail from CX. I even received two identical e-mails. My mom is a DM and she said she has not received anything from CX.

Anyway, i got the following
What information was involved?

These specific types of personal data about you were accessed:
  • Email Address
  • Flown Flight Number & Date
  • Name
  • Nationality
  • Telephone Number
Your travel or loyalty profile was not accessed in full, and your password was not compromised.

So what should we do if the ID monitoring services is not available in the country? In my case, it's neither available in China nor Indonesia.
rienhart87 is offline  
Old Oct 29, 18, 3:28 am
  #161  
 
Join Date: Mar 2012
Location: Vancouver, Manila, Singapore, Kuala Lumpur, Hong Kong
Programs: CX-DM, Marriott Gold, Fairmont Premier
Posts: 231
Originally Posted by sxc View Post
Cathay Pacific calls in police to investigate massive data breach
https://sc.mp/uaw6z

It’s quite incredible that given CX said the delay to revealing the breach was to do their due diligence around the details, and only now have the police been called in.
From the article:

Speaking on a radio show on Monday, Wong also said his group was prepared to offer legal help to anyone who wanted to submit a claim for damages against the airline.

Any idea if the legal help is only for those HK residences or worldwide?


“If someone thinks they have suffered damages, including damage to feelings, they can apply to our office for legal help,” Wong said.

Damage to feelings... i feel violated. lol.
blum81 is offline  
Old Oct 29, 18, 3:39 am
  #162  
 
Join Date: Aug 2018
Posts: 45
Who actually signed up for the experian services? I had name and address stolen
CXCPA is offline  
Old Oct 29, 18, 5:09 am
  #163  
 
Join Date: Feb 2008
Location: Hong Kong
Programs: CX DM
Posts: 190
Customer survey

With the hack and all that, I've just received this email from <[email protected]> Seems legit enough but its the first time I've seen this format....others have seen / received this?
clazza is offline  
Old Oct 29, 18, 6:35 am
  #164  
Suspended
 
Join Date: Jun 2002
Location: Hong Kong
Programs: None any more
Posts: 11,015
Anyone can put any "From" field they want in an email. I could send you one claiming to be from that address trivially. Where the links take you is more important.
christep is offline  
Old Oct 29, 18, 9:52 am
  #165  
 
Join Date: Dec 2001
Location: New York, NY
Programs: LH Senator, CX Diamond
Posts: 576
After I got my data security breach email from CX, I sent an email to Rupert Hogg, another senior manager and their infosecurity desk. I asked some straightforward questions. It took their Customer Relations team 3 days to send me the following pathetic reply.

"Thank you for your email to Mr Rupert Hogg, our Chief Executive Officer, our senior management team and the info security team regarding your concerns on the data security event.

We are sorry that we have not been able to respond as of yet. We fully appreciate and recognise your concerns. Please allow us to look into the matter before replying to you in more detail. In the meantime, thank you for your patience and for taking the time to contact us.

Yours sincerely
Customer Relations Department
Cathay Pacific Airways Limited
Hong Kong Dragon Airlines Limited"
Mr. Strong is offline  

Thread Tools
Search this Thread
Search Engine: