Oct 24, 2018, 3:47 pm
Last edit by: kaka
Cathay Pacific information site:
https://infosecurity.cathaypacific.com/en_HK.html
If you want to hold CX to legal standing for the loss of private data, the best shot would be using EU GDPR regulations:
What to write to DPO/CX ([email protected]) according to EU GDPR in very short... (ref #177)
(if CX is seen as a HK company, then EU GDPR would apply to all EU Citizen inc valid and expired (not renounced) BNO Holders; and if CX is seen managed by John Swire & Sons Ltd in the UK via Swire, then Data Protection Act 2018 (of UK) which includes GDPR would apply to EVERYONE)
https://infosecurity.cathaypacific.com/en_HK.html
If you want to hold CX to legal standing for the loss of private data, the best shot would be using EU GDPR regulations:
What to write to DPO/CX ([email protected]) according to EU GDPR in very short... (ref #177)
(if CX is seen as a HK company, then EU GDPR would apply to all EU Citizen inc valid and expired (not renounced) BNO Holders; and if CX is seen managed by John Swire & Sons Ltd in the UK via Swire, then Data Protection Act 2018 (of UK) which includes GDPR would apply to EVERYONE)
- ask for data that CX hold on you
- highlight specifically which data was lost
(there's a few things you could ask them according to GPDR... refer to the website)
They have 1 month to respond or they will have to give you a reasonable timeframe where they have to respond by within the 1 month before you can go to ICO.
If you are seeking compensation from CX the loss of private data, the following sites are dealing with class action against CX (not a legal advise)
If you are seeking compensation from CX the loss of private data, the following sites are dealing with class action against CX (not a legal advise)
- http://www.cathaydatabreach.com
- http://www.classlawdc.com/2018/10/25/cathay-pacific-data-breach-class-action-investigation/
9.4 million passengers’ data stolen from CX
Oct 25, 2018, 2:21 am
#46
Join Date: Apr 2012
Location: Hong Kong SAR
Programs: JL Diamond, CX Gold, HH Gold
Posts: 277
Oct 25, 2018, 2:21 am
#47
Suspended
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,952
a mate says this is what staff can see in the back system. methinks the breach is much bigger than this otherwise whats the (muting) point of issuing a statement at 2300hrs in HK
Oct 25, 2018, 2:22 am
#48
Suspended
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,952
https://twitter.com/benjaminbland/st...331503616?s=21
Cathay is directing questions to an unverified twitter account. What a clown show.
https://twitter.com/cathaypacific/st...444854273?s=21
Cathay is directing questions to an unverified twitter account. What a clown show.
https://twitter.com/cathaypacific/st...444854273?s=21
Oct 25, 2018, 2:41 am
#49
Join Date: Jan 2006
Programs: AAdvantage Asia Miles Air China
Posts: 870
Oct 25, 2018, 2:54 am
#50
Join Date: Apr 2014
Location: Hong Kong, London, Toronto, Bangkok
Programs: MPC, OneWorld, 1865 Voyager, Hyatt, Horizon Club
Posts: 149
I have received the email, and I'm SL; the following were stolen from me:
The following types of personal data about you were accessed:
I used their Experian and their initial report already told me things like email/passwords were sold/listed online somewhere... I suggest all to change your passwords anyways even though they did not mention that your passwords have been compromised.
The following types of personal data about you were accessed:
- Date of Birth
- Name
- Nationality
- Telephone Number
- Title
I used their Experian and their initial report already told me things like email/passwords were sold/listed online somewhere... I suggest all to change your passwords anyways even though they did not mention that your passwords have been compromised.
Oct 25, 2018, 3:30 am
#52
Join Date: Mar 2012
Location: Vancouver, Manila, Singapore, Kuala Lumpur, Hong Kong
Programs: CX-DM, Marriott Gold, Fairmont Premier
Posts: 335
Looks like my wife just got the email from Cathay. I'm assuming Golds are now beginning to receive the email notification.
Oct 25, 2018, 3:36 am
#53
Suspended
Join Date: Jun 2002
Location: Hong Kong
Programs: None any more
Posts: 11,017
Oct 25, 2018, 3:43 am
#54
Join Date: Oct 1999
Location: HKG
Programs: CX DM, SQ, BA, TG, Sheba, VN, MPO since 1980
Posts: 1,058
Yes I got the Dear Diamond member email too
Maybe ask the GRU Fancy Bear division if we can have our data back
This is what you get in HKG for HKD 350,000 per month salary ++
Wait till shxt happens then whinge and threaten to make new laws
Cathay decision not to inform of leak 'unethical' - RTHK
Maybe ask the GRU Fancy Bear division if we can have our data back
This is what you get in HKG for HKD 350,000 per month salary ++
Wait till shxt happens then whinge and threaten to make new laws
Cathay decision not to inform of leak 'unethical' - RTHK
Oct 25, 2018, 3:52 am
#56
Join Date: Nov 2007
Location: Hong Kong
Programs: CX, UA, Shangri-La, Hyatt, Starwood
Posts: 7,708
Infuriating
Here's what they got for me:
The following types of personal data about you were accessed:
The following types of personal data about you were accessed:
- Date of Birth
- Email Address
- Name
- Nationality
- Telephone Number
- Title
- Travel Document Number
Oct 25, 2018, 3:57 am
#57
Suspended
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,952
Here's what they got for me:
The following types of personal data about you were accessed:
The following types of personal data about you were accessed:
- Date of Birth
- Email Address
- Name
- Nationality
- Telephone Number
- Title
- Travel Document Number
I have received the email, and I'm SL; the following were stolen from me:
The following types of personal data about you were accessed:
I used their Experian and their initial report already told me things like email/passwords were sold/listed online somewhere... I suggest all to change your passwords anyways even though they did not mention that your passwords have been compromised.
The following types of personal data about you were accessed:
- Date of Birth
- Name
- Nationality
- Telephone Number
- Title
I used their Experian and their initial report already told me things like email/passwords were sold/listed online somewhere... I suggest all to change your passwords anyways even though they did not mention that your passwords have been compromised.
What happened?
As part of our ongoing IT security processes, we discovered unauthorised access to some of our passenger data.
We initially discovered suspicious activity on our network in March this year. Upon discovery, we took immediate action to contain the event, to commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures. Unauthorised access to certain personal data was confirmed in early May. Since that time, analysis of the data has continued in order to identify affected individuals and to determine whether the data at issue could be reconstructed.
We have no evidence that any personal data has been misused. We recommend that you follow the steps outlined in this notice to help protect yourself against potential risks.
What information was involved?
The following types of personal data about you were accessed:
As part of our ongoing IT security processes, we discovered unauthorised access to some of our passenger data.
We initially discovered suspicious activity on our network in March this year. Upon discovery, we took immediate action to contain the event, to commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures. Unauthorised access to certain personal data was confirmed in early May. Since that time, analysis of the data has continued in order to identify affected individuals and to determine whether the data at issue could be reconstructed.
We have no evidence that any personal data has been misused. We recommend that you follow the steps outlined in this notice to help protect yourself against potential risks.
What information was involved?
The following types of personal data about you were accessed:
- Date of Birth
- Email Address
- Name
- Nationality
- Telephone Number
- Title
- Travel Document Number
Here's the information taken from me,
a friend of mine got the following
That's a lot of info....
- Address
- Date of Birth
- Name
- Nationality
- Telephone Number
- Title
- Travel Document Number
a friend of mine got the following
- Date of Birth
- Email Address
- HKID Number
- Name
- Nationality
- Permit Number
- Telephone Number
- Title
- Travel Document Number
That's a lot of info....
I have my address in the profile too but not nationality/passport number saved. i wonder if there's any correlation.
Oct 25, 2018, 4:04 am
#59
Join Date: Mar 2012
Location: Vancouver, Manila, Singapore, Kuala Lumpur, Hong Kong
Programs: CX-DM, Marriott Gold, Fairmont Premier
Posts: 335
Oct 25, 2018, 4:12 am
#60
Join Date: Jul 2012
Location: HKG
Programs: BA(GGL) QF LTS CX AM, Hilton Diamond, PPL(A)
Posts: 1,654
Some questions that I am unclear about
1. Does this only affect MPO / AM members / registered account members or are guests affected?
2. Only revenue fares or AM /redemptions or both?
2. Are third party (eg Expedia ) bookings affected
3. Even better are CX redemption via OW affected
I haven't received any email, because I don't generally book CX revenue. But have booked a few redemption using AM and BAEC
Edit: I received one just as a I typed! Bad but not the end of the world.
1. Does this only affect MPO / AM members / registered account members or are guests affected?
2. Only revenue fares or AM /redemptions or both?
2. Are third party (eg Expedia ) bookings affected
3. Even better are CX redemption via OW affected
I haven't received any email, because I don't generally book CX revenue. But have booked a few redemption using AM and BAEC
Edit: I received one just as a I typed! Bad but not the end of the world.
- Address
- Name
- Title