Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > Cathay Pacific | Marco Polo Club
Reload this Page >

9.4 million passengers’ data stolen from CX

9.4 million passengers’ data stolen from CX

    Hide Wikipost
Old Nov 1, 18, 1:34 pm   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: kaka
Wiki Link
Cathay Pacific information site:
https://infosecurity.cathaypacific.com/en_HK.html

If you want to hold CX to legal standing for the loss of private data, the best shot would be using EU GDPR regulations:
What to write to DPO/CX ([email protected]) according to EU GDPR in very short... (ref #177)
(if CX is seen as a HK company, then EU GDPR would apply to all EU Citizen inc valid and expired (not renounced) BNO Holders; and if CX is seen managed by John Swire & Sons Ltd in the UK via Swire, then Data Protection Act 2018 (of UK) which includes GDPR would apply to EVERYONE)
  • ask for data that CX hold on you
  • highlight specifically which data was lost
    (there's a few things you could ask them according to GPDR... refer to the website)
They have 1 month to respond or they will have to give you a reasonable timeframe where they have to respond by within the 1 month before you can go to ICO.

If you are seeking compensation from CX the loss of private data, the following sites are dealing with class action against CX (not a legal advise)
Print Wikipost

Reply

Old Oct 25, 18, 12:41 am
  #31  
Ambassador, Hong Kong and Macau
 
Join Date: May 2009
Location: HKG
Programs: Depends
Posts: 14,131
Originally Posted by sxc View Post
No wonder the lounges are so crowded, with all this data for identity theft
I wish they swap the assiduousness they are currently using to hold onto seats from redemption into holding our personal data securely.
percysmith is offline  
Reply With Quote
Old Oct 25, 18, 12:44 am
  #32  
 
Join Date: Jan 2006
Programs: AAdvantage Asia Miles Air China
Posts: 560
Originally Posted by FlyPointyEnd View Post
Class action?
Sadly class action does not exist in Hong Kong, however if the breach includes US based MPC members then that could could be a game changer.

May well be worth FT members collaborating once more information becomes available.
fast03 likes this.
Nicc HK is offline  
Reply With Quote
Old Oct 25, 18, 1:11 am
  #33  
 
Join Date: Jun 2015
Location: Shanghai
Programs: Flying Blue, Marco Polo, Skywards, Etihad Guest, IHG
Posts: 236
May well be worth FT members collaborating once more information becomes available.
I agree with this. we need to collaborate once we have more facts about how deep/serious the breach is

Last edited by rienhart87; Oct 25, 18 at 1:12 am Reason: fix quote
rienhart87 is offline  
Reply With Quote
Old Oct 25, 18, 1:36 am
  #34  
 
Join Date: Mar 2012
Location: Vancouver, Manila, Singapore, Kuala Lumpur, Hong Kong
Programs: CX-DM, Marriott Gold, Fairmont Premier
Posts: 195
Originally Posted by Nicc HK View Post
Sadly class action does not exist in Hong Kong, however if the breach includes US based MPC members then that could could be a game changer.

May well be worth FT members collaborating once more information becomes available.
How would your base be determined?

I hold a Canada passport but have mailing addresses in both Malaysia and Canada.

Either way i'm in for collaborating if I qualify
blum81 is offline  
Reply With Quote
Old Oct 25, 18, 1:37 am
  #35  
 
Join Date: Sep 2011
Location: MNL
Programs: CX MPO DM, Le Club Accor Platinum, World of Hyatt Explorist
Posts: 2,024
Originally Posted by cathaychap View Post
I believe what Cathay is saying is that nobody has had their full profile taken. It's more bits of data taken. Like a few numbers of a passport and half an email address. At any rate, visit infosecurity.cathaypacific.com if concerned. The good thing is that CX, unlike BA, has a coordinated response to the threat. I had to cancel two credit cards with the BA thing.
Here's the information taken from me,
  • Address
  • Date of Birth
  • Name
  • Nationality
  • Telephone Number
  • Title
  • Travel Document Number

a friend of mine got the following
  • Date of Birth
  • Email Address
  • HKID Number
  • Name
  • Nationality
  • Permit Number
  • Telephone Number
  • Title
  • Travel Document Number

That's a lot of info....
FlyPointyEnd is online now  
Reply With Quote
Old Oct 25, 18, 1:45 am
  #36  
 
Join Date: Sep 2011
Location: MNL
Programs: CX MPO DM, Le Club Accor Platinum, World of Hyatt Explorist
Posts: 2,024
Originally Posted by Nicc HK View Post
Sadly class action does not exist in Hong Kong, however if the breach includes US based MPC members then that could could be a game changer.

May well be worth FT members collaborating once more information becomes available.
Looks like they are really concerned about US based MPO members because they made a page specifically for them.
FlyPointyEnd is online now  
Reply With Quote
Old Oct 25, 18, 1:53 am
  #37  
 
Join Date: Mar 2012
Location: Vancouver, Manila, Singapore, Kuala Lumpur, Hong Kong
Programs: CX-DM, Marriott Gold, Fairmont Premier
Posts: 195
Originally Posted by FlyPointyEnd View Post
Here's the information taken from me,
  • Address
  • Date of Birth
  • Name
  • Nationality
  • Telephone Number
  • Title
  • Travel Document Number

a friend of mine got the following
  • Date of Birth
  • Email Address
  • HKID Number
  • Name
  • Nationality
  • Permit Number
  • Telephone Number
  • Title
  • Travel Document Number

That's a lot of info....
interesting. seems it's different for everyone.

Here's what I got.
  • Address
  • Date of Birth
  • Email Address
  • Name
  • Nationality
  • Telephone Number
  • Title
blum81 is offline  
Reply With Quote
Old Oct 25, 18, 2:04 am
  #38  
 
Join Date: Jun 2013
Programs: CX DM/OWE, Avis Avis Preferred, SPG Plat, Marriott Plat
Posts: 66
What happened?

As part of our ongoing IT security processes, we discovered unauthorised access to some of our passenger data.

We initially discovered suspicious activity on our network in March this year. Upon discovery, we took immediate action to contain the event, to commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures. Unauthorised access to certain personal data was confirmed in early May. Since that time, analysis of the data has continued in order to identify affected individuals and to determine whether the data at issue could be reconstructed.

We have no evidence that any personal data has been misused. We recommend that you follow the steps outlined in this notice to help protect yourself against potential risks.
What information was involved?

The following types of personal data about you were accessed:
  • Date of Birth
  • Email Address
  • Name
  • Nationality
  • Telephone Number
  • Title
  • Travel Document Number
This is what i got
randomeejit is offline  
Reply With Quote
Old Oct 25, 18, 2:06 am
  #39  
 
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,930
i dont have the email for neither my parents nor myself. interesting.
considering i fly on award every month and they have quarterly (paid) flights on CX
kaka is offline  
Reply With Quote
Old Oct 25, 18, 2:09 am
  #40  
 
Join Date: Sep 2011
Location: MNL
Programs: CX MPO DM, Le Club Accor Platinum, World of Hyatt Explorist
Posts: 2,024
Originally Posted by kaka View Post
i dont have the email for neither my parents nor myself. interesting.
considering i fly on award every month and they have quarterly (paid) flights on CX
All of my DM friend's already got an email. Maybe they are informing people based on MPO status first hehehe
kaka likes this.
FlyPointyEnd is online now  
Reply With Quote
Old Oct 25, 18, 2:09 am
  #41  
 
Join Date: Mar 2012
Location: Vancouver, Manila, Singapore, Kuala Lumpur, Hong Kong
Programs: CX-DM, Marriott Gold, Fairmont Premier
Posts: 195
Originally Posted by kaka View Post
i dont have the email for neither my parents nor myself. interesting.
considering i fly on award every month and they have quarterly (paid) flights on CX

What MP status are you?

My wife is at gold and parents are at silver but neither of them received the email.

Wonder if they are they really sending emails out according to MP levels? lol.
blum81 is offline  
Reply With Quote
Old Oct 25, 18, 2:11 am
  #42  
 
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,930
Originally Posted by blum81 View Post
What MP status are you?

My wife is at gold and parents are at silver but neither of them received the email.

Wonder if they are they really sending emails out according to MP levels? lol.
we are nothing in MPO but OWE and OWS for JAL
kaka is offline  
Reply With Quote
Old Oct 25, 18, 2:13 am
  #43  
 
Join Date: Feb 2011
Posts: 5,519
I haven't had the email and I was flying CX almost weekly up until March, though I never joined AM. It would make sense if they sent them out in tranches, 9.4 million is a huge amount to send in one hit.
1010101 is offline  
Reply With Quote
Old Oct 25, 18, 2:14 am
  #44  
 
Join Date: Jan 2007
Location: YYZ
Programs: CX MPC GO, AMEX PLAT, Hilton Gold, Marriott Gold, Radisson Gold, IHG Spire
Posts: 179
Same here. I am GO and my parents are GR and none of us have received the email. I find it hard to believe that we are not part of the 9.4million passengers. So probably they are actually sending the emails by status. The CX website does mention that they are sending the emails in the coming days.

Any non-DM have received the emails?
etkuo is offline  
Reply With Quote
Old Oct 25, 18, 2:20 am
  #45  
 
Join Date: Apr 2012
Location: Hong Kong SAR
Programs: CX Gold, HH Gold
Posts: 198
Originally Posted by kaka View Post
i dont have the email for neither my parents nor myself. interesting.
considering i fly on award every month and they have quarterly (paid) flights on CX
AFAIK They are contacting the DMs now.
AmD950 is offline  
Reply With Quote

Thread Tools
Search this Thread