Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > Cathay Pacific | Marco Polo Club
Reload this Page >

9.4 million passengers’ data stolen from CX

9.4 million passengers’ data stolen from CX

    Hide Wikipost
Old Nov 1, 18, 1:34 pm   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: kaka
Wiki Link
Cathay Pacific information site:
https://infosecurity.cathaypacific.com/en_HK.html

If you want to hold CX to legal standing for the loss of private data, the best shot would be using EU GDPR regulations:
What to write to DPO/CX ([email protected]) according to EU GDPR in very short... (ref #177)
(if CX is seen as a HK company, then EU GDPR would apply to all EU Citizen inc valid and expired (not renounced) BNO Holders; and if CX is seen managed by John Swire & Sons Ltd in the UK via Swire, then Data Protection Act 2018 (of UK) which includes GDPR would apply to EVERYONE)
  • ask for data that CX hold on you
  • highlight specifically which data was lost
    (there's a few things you could ask them according to GPDR... refer to the website)
They have 1 month to respond or they will have to give you a reasonable timeframe where they have to respond by within the 1 month before you can go to ICO.

If you are seeking compensation from CX the loss of private data, the following sites are dealing with class action against CX (not a legal advise)
Print Wikipost

Reply

Old Dec 14, 18, 1:58 am
  #226  
 
Join Date: Jan 2006
Programs: AAdvantage Asia Miles Air China
Posts: 581
Curious, seems to have gone quiet, any developments? Not seen anything on the newswires
kaka likes this.
Nicc HK is offline  
Reply With Quote
Old Dec 14, 18, 3:14 am
  #227  
 
Join Date: Mar 2012
Location: Vancouver, Manila, Singapore, Kuala Lumpur, Hong Kong
Programs: CX-DM, Marriott Gold, Fairmont Premier
Posts: 211
Originally Posted by Cambo View Post
Hahaha, Marriott/Starwood reported to have beaten CX by a huge margin. 500M accounts/bookings leaked........

yup... I got an email from Marriott. Ironically while staying at the Marriott Taipei.

I think we should place bets on which hotel chain or airline will be next lol.
kaka likes this.
blum81 is offline  
Reply With Quote
Old Dec 14, 18, 12:02 pm
  #228  
Suspended
 
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,959
Originally Posted by Cambo View Post
Hahaha, Marriott/Starwood reported to have beaten CX by a huge margin. 500M accounts/bookings leaked........
guess who was fishing for it
kaka is offline  
Reply With Quote
Old Dec 14, 18, 12:31 pm
  #229  
 
Join Date: Nov 2017
Programs: MPC-Gold, Enrich-Plat
Posts: 626
Originally Posted by kaka View Post

guess who was fishing for it
I think gmail would be the biggest trophy. About everybody with an Android phone does have one or more gmail accounts.
Cambo is offline  
Reply With Quote
Old Dec 27, 18, 6:24 pm
  #230  
Ambassador, Hong Kong and Macau
 
Join Date: May 2009
Location: HKG
Programs: Depends
Posts: 14,210
http://s.nextmedia.com/realtime/a.ph...342&a=59075764

Apple claims CX 9.4m --> TU leak --> card replace --> card theft from insecure residential mailbox
percysmith is online now  
Reply With Quote
Old Dec 28, 18, 2:57 am
  #231  
 
Join Date: Nov 2017
Programs: MPC-Gold, Enrich-Plat
Posts: 626
Originally Posted by percysmith View Post
http://s.nextmedia.com/realtime/a.ph...342&a=59075764

Apple claims CX 9.4m --> TU leak --> card replace --> card theft from insecure residential mailbox
I can't read the Chinese gibberish, though if your English summary does describe the reference, then I would say that blaming CX for theft from insecure mailboxes would be a very long stretch.

I am also surprised, cards don't seem to be blocked when in the mail and do have to be unblocked by the user, using a dial response phone system. At least, in Europe, this is more or less common.

And: I still did not hear ANYTHING about people whose credit card details were retrieved from CX, nor anybody reports identity theft, possibly due to the CX hack.
(Which again convinces me, this hack was a state-hack, to obtain phone/identity correlation info).
Cambo is offline  
Reply With Quote
Old Dec 28, 18, 3:20 am
  #232  
Ambassador, Hong Kong and Macau
 
Join Date: May 2009
Location: HKG
Programs: Depends
Posts: 14,210
Originally Posted by Cambo View Post
I can't read the Chinese gibberish, though if your English summary does describe the reference, then I would say that blaming CX for theft from insecure mailboxes would be a very long stretch.
That's like blaming a computer owner for not patching software isn't it? Shouldn't have released buggy software in the first place.

However whether CX is the source of the info to pass Transunion is a stretch.
percysmith is online now  
Reply With Quote
Old Jul 8, 19, 2:39 am
  #233  
 
Join Date: Feb 2011
Posts: 5,552
BA just got hit by a HK$1.8 billion fine for their data loss. I wonder if the PCPD can/will do anything similar to CX.
1010101 is offline  
Reply With Quote
Old Jul 8, 19, 3:26 pm
  #234  
 
Join Date: Aug 2010
Location: Vancouver
Programs: CX DM, SQ TPP, QF GO LIFE, OZ*G, Marriott PLT LIFE, SPG LIFE, WOH GLOBALIST LIFE, HH DM, BA GO LIFE
Posts: 593
Originally Posted by 1010101 View Post
BA just got hit by a HK$1.8 billion fine for their data loss. I wonder if the PCPD can/will do anything similar to CX.
I highly doubt it since this was a fine imposed by the UK Information Commissioner's Office (ICO) where BA is based. HK laws and their commission do not have any powers to impose fines.

As for BA's fine, they will be fighting this with a tooth and nail so watch the space as this could set a precedent for other cases.
CS300 likes this.

Last edited by 380Flyer; Jul 8, 19 at 3:32 pm
380Flyer is offline  
Reply With Quote
Old Jul 9, 19, 12:27 am
  #235  
 
Join Date: Feb 2011
Posts: 5,552
Originally Posted by 380Flyer View Post
I highly doubt it since this was a fine imposed by the UK Information Commissioner's Office (ICO) where BA is based. HK laws and their commission do not have any powers to impose fines.

As for BA's fine, they will be fighting this with a tooth and nail so watch the space as this could set a precedent for other cases.
Thanks. I didn't know they couldn't impose fines. It makes me wonder what the point of them being there is, but it is HK.


BA have been made an example of as a deterrent to others, and there may well be significant penalties still to come from other ongoing court cases.
1010101 is offline  
Reply With Quote
Old Jul 9, 19, 4:53 am
  #236  
 
Join Date: Aug 2009
Location: ZOA, SFO, HKG
Programs: UA 1K 0.8MM, Marriott PLT, HHonors Gold, Hertz PC, SBux Gold, TSA Pre✓
Posts: 9,766
Originally Posted by 1010101 View Post
BA just got hit by a HK$1.8 billion fine for their data loss. I wonder if the PCPD can/will do anything similar to CX.
PCPD is weak. If you expect PCPD will do anything for you, it is more practical for you to sue CX at the Small Claims Tribunal - faster, cheaper, and effective.
garykung is offline  
Reply With Quote
Old Jul 9, 19, 8:14 am
  #237  
 
Join Date: Jan 2016
Location: LON
Programs: BAEC, Accor
Posts: 1,274
In the UK the ICO is acting jointly for all the other EU data regulators, and when the actual final fine is agreed some of the spoils will get shared with other EU data regulators.

​​​​There is going to be a certain amount of headline grabbing on the BA one as the breach was the first 'big one' after the EU GDPR regulations came into effect.
plunet is offline  
Reply With Quote
Old Jul 9, 19, 11:58 pm
  #238  
 
Join Date: Mar 2012
Location: Vancouver, Manila, Singapore, Kuala Lumpur, Hong Kong
Programs: CX-DM, Marriott Gold, Fairmont Premier
Posts: 211
2 months ago I had my credit card compromised. It's a card I really only use to book travel/pay for bills. Cathay, BA, Malaysia Airlines and Philippine Air are the airlines I used with the card.

Has anyone else had their credit cards compromised after the data leak?
blum81 is offline  
Reply With Quote
Old Jul 10, 19, 12:07 am
  #239  
 
Join Date: Feb 2011
Posts: 5,552
Originally Posted by blum81 View Post
2 months ago I had my credit card compromised. It's a card I really only use to book travel/pay for bills. Cathay, BA, Malaysia Airlines and Philippine Air are the airlines I used with the card.

Has anyone else had their credit cards compromised after the data leak?
Head over to the BA board. A lot of people there have.
blum81 likes this.
1010101 is offline  
Reply With Quote
Old Jul 10, 19, 3:12 am
  #240  
 
Join Date: Jun 2015
Programs: MR Platinum
Posts: 32
Marriott too has been hit with a similar fine.

https://loyaltylobby.com/2019/07/09/...r-data-breach/

Any bet that Cathay is next?
CS300 is offline  
Reply With Quote

Thread Tools
Search this Thread