Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > Cathay Pacific | Marco Polo Club
Reload this Page >

9.4 million passengers’ data stolen from CX

9.4 million passengers’ data stolen from CX

    Hide Wikipost
Old Nov 1, 18, 1:34 pm   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: kaka
Wiki Link
Cathay Pacific information site:
https://infosecurity.cathaypacific.com/en_HK.html

If you want to hold CX to legal standing for the loss of private data, the best shot would be using EU GDPR regulations:
What to write to DPO/CX ([email protected]) according to EU GDPR in very short... (ref #177)
(if CX is seen as a HK company, then EU GDPR would apply to all EU Citizen inc valid and expired (not renounced) BNO Holders; and if CX is seen managed by John Swire & Sons Ltd in the UK via Swire, then Data Protection Act 2018 (of UK) which includes GDPR would apply to EVERYONE)
  • ask for data that CX hold on you
  • highlight specifically which data was lost
    (there's a few things you could ask them according to GPDR... refer to the website)
They have 1 month to respond or they will have to give you a reasonable timeframe where they have to respond by within the 1 month before you can go to ICO.

If you are seeking compensation from CX the loss of private data, the following sites are dealing with class action against CX (not a legal advise)
Print Wikipost

Reply

Old Oct 25, 18, 2:21 am
  #46  
 
Join Date: Apr 2012
Location: Hong Kong SAR
Programs: CX Gold, HH Gold
Posts: 198
Originally Posted by FlyPointyEnd View Post
All of my DM friend's already got an email. Maybe they are informing people based on MPO status first hehehe
Priority Service for DM at all times. Time for win (yay!).
AmD950 is offline  
Reply With Quote
Old Oct 25, 18, 2:21 am
  #47  
 
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,950
a mate says this is what staff can see in the back system. methinks the breach is much bigger than this otherwise whats the (muting) point of issuing a statement at 2300hrs in HK
kaka is online now  
Reply With Quote
Old Oct 25, 18, 2:22 am
  #48  
 
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,950
Originally Posted by txflyer77 View Post
https://twitter.com/benjaminbland/st...331503616?s=21

Cathay is directing questions to an unverified twitter account. What a clown show.

https://twitter.com/cathaypacific/st...444854273?s=21
actually asiamiles twitter is unverified too
kaka is online now  
Reply With Quote
Old Oct 25, 18, 2:41 am
  #49  
 
Join Date: Jan 2006
Programs: AAdvantage Asia Miles Air China
Posts: 562
Originally Posted by 1010101 View Post
I haven't had the email and I was flying CX almost weekly up until March, though I never joined AM. It would make sense if they sent them out in tranches, 9.4 million is a huge amount to send in one hit.
CX could have started when they first found out about it.
kaka and blum81 like this.
Nicc HK is offline  
Reply With Quote
Old Oct 25, 18, 2:54 am
  #50  
 
Join Date: Apr 2014
Location: Hong Kong, London, Toronto, Bangkok
Programs: MPC, OneWorld, 1865 Voyager, Hyatt, Horizon Club
Posts: 132
I have received the email, and I'm SL; the following were stolen from me:

The following types of personal data about you were accessed:
  • Date of Birth
  • Name
  • Nationality
  • Telephone Number
  • Title
Your travel or loyalty profile was not accessed in full, and your password was not compromised.

I used their Experian and their initial report already told me things like email/passwords were sold/listed online somewhere... I suggest all to change your passwords anyways even though they did not mention that your passwords have been compromised.
hphreak is offline  
Reply With Quote
Old Oct 25, 18, 3:24 am
  #51  
 
Join Date: Jan 2005
Location: ...
Posts: 943
I assume we all get compromised, if 9.4m pax were. I got similar emails to above this afternoon.

Anyone have experience with the Experian IdentityWorks thing?
Jane's Addiction is offline  
Reply With Quote
Old Oct 25, 18, 3:30 am
  #52  
 
Join Date: Mar 2012
Location: Vancouver, Manila, Singapore, Kuala Lumpur, Hong Kong
Programs: CX-DM, Marriott Gold, Fairmont Premier
Posts: 195
Originally Posted by blum81 View Post
What MP status are you?

My wife is at gold and parents are at silver but neither of them received the email.

Wonder if they are they really sending emails out according to MP levels? lol.

Looks like my wife just got the email from Cathay. I'm assuming Golds are now beginning to receive the email notification.
blum81 is offline  
Reply With Quote
Old Oct 25, 18, 3:36 am
  #53  
FlyerTalk Evangelist
 
Join Date: Jun 2002
Location: Hong Kong
Programs: None any more
Posts: 10,710
Originally Posted by kaka View Post
otherwise whats the (muting) point of issuing a statement at 2300hrs in HK
That might be so that it was outside the trading day for anywhere that Cathay or Swire shares are listed. There are rules about when you can make price-sensitive announcements.
kaka likes this.
christep is offline  
Reply With Quote
Old Oct 25, 18, 3:43 am
  #54  
 
Join Date: Oct 1999
Location: HKG
Programs: CX DM, SQ, BA, TG, Sheba, VN, MPO since 1980
Posts: 1,050
Yes I got the Dear Diamond member email too
Maybe ask the GRU Fancy Bear division if we can have our data back

This is what you get in HKG for HKD 350,000 per month salary ++
Wait till shxt happens then whinge and threaten to make new laws
Cathay decision not to inform of leak 'unethical' - RTHK
Marco Polo is offline  
Reply With Quote
Old Oct 25, 18, 3:52 am
  #55  
 
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,950
finally my turn. (just me so far)
  • Email Address
  • Name
  • Telephone Number
  • Title
kaka is online now  
Reply With Quote
Old Oct 25, 18, 3:52 am
  #56  
 
Join Date: Nov 2007
Location: Hong Kong
Programs: CX, UA, Shangri-La, Hyatt, Starwood
Posts: 7,375
Infuriating

Here's what they got for me:

The following types of personal data about you were accessed:
  • Date of Birth
  • Email Address
  • Name
  • Nationality
  • Telephone Number
  • Title
  • Travel Document Number
Your travel or loyalty profile was not accessed in full, and your password was not compromised.
QRC3288 is online now  
Reply With Quote
Old Oct 25, 18, 3:57 am
  #57  
 
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,950
Originally Posted by QRC3288 View Post
Here's what they got for me:

The following types of personal data about you were accessed:
  • Date of Birth
  • Email Address
  • Name
  • Nationality
  • Telephone Number
  • Title
  • Travel Document Number
Your travel or loyalty profile was not accessed in full, and your password was not compromised.
Originally Posted by hphreak View Post
I have received the email, and I'm SL; the following were stolen from me:

The following types of personal data about you were accessed:
  • Date of Birth
  • Name
  • Nationality
  • Telephone Number
  • Title
Your travel or loyalty profile was not accessed in full, and your password was not compromised.

I used their Experian and their initial report already told me things like email/passwords were sold/listed online somewhere... I suggest all to change your passwords anyways even though they did not mention that your passwords have been compromised.
Originally Posted by randomeejit View Post
What happened?

As part of our ongoing IT security processes, we discovered unauthorised access to some of our passenger data.

We initially discovered suspicious activity on our network in March this year. Upon discovery, we took immediate action to contain the event, to commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures. Unauthorised access to certain personal data was confirmed in early May. Since that time, analysis of the data has continued in order to identify affected individuals and to determine whether the data at issue could be reconstructed.

We have no evidence that any personal data has been misused. We recommend that you follow the steps outlined in this notice to help protect yourself against potential risks.

What information was involved?

The following types of personal data about you were accessed:
  • Date of Birth
  • Email Address
  • Name
  • Nationality
  • Telephone Number
  • Title
  • Travel Document Number
This is what i got
Originally Posted by blum81 View Post
interesting. seems it's different for everyone.

Here's what I got.
  • Address
  • Date of Birth
  • Email Address
  • Name
  • Nationality
  • Telephone Number
  • Title
Originally Posted by FlyPointyEnd View Post
Here's the information taken from me,
  • Address
  • Date of Birth
  • Name
  • Nationality
  • Telephone Number
  • Title
  • Travel Document Number

a friend of mine got the following
  • Date of Birth
  • Email Address
  • HKID Number
  • Name
  • Nationality
  • Permit Number
  • Telephone Number
  • Title
  • Travel Document Number

That's a lot of info....
Originally Posted by Nicc HK View Post
The following types of personal data about you were accessed:
  • HKID Number
  • Name
  • Nationality
  • Title
  • Travel Document Number
sorry for multi quoting but i am wondering if they is what you have saved on your MPO profile.
I have my address in the profile too but not nationality/passport number saved. i wonder if there's any correlation.
kaka is online now  
Reply With Quote
Old Oct 25, 18, 4:01 am
  #58  
 
Join Date: Apr 2014
Location: Hong Kong, London, Toronto, Bangkok
Programs: MPC, OneWorld, 1865 Voyager, Hyatt, Horizon Club
Posts: 132
I have passport details saved in the account but those were not taken, so no correlation for me.
kaka and OneWorldLoyalist like this.
hphreak is offline  
Reply With Quote
Old Oct 25, 18, 4:04 am
  #59  
 
Join Date: Mar 2012
Location: Vancouver, Manila, Singapore, Kuala Lumpur, Hong Kong
Programs: CX-DM, Marriott Gold, Fairmont Premier
Posts: 195
Originally Posted by hphreak View Post
I have passport details saved in the account but those were not taken, so no correlation for me.
same for me
blum81 is offline  
Reply With Quote
Old Oct 25, 18, 4:12 am
  #60  
 
Join Date: Jul 2012
Location: HKG
Programs: BA(GGL) QF LTS CX AM, Hilton Diamond
Posts: 1,568
Some questions that I am unclear about

1. Does this only affect MPO / AM members / registered account members or are guests affected?
2. Only revenue fares or AM /redemptions or both?
2. Are third party (eg Expedia ) bookings affected
3. Even better are CX redemption via OW affected

I haven't received any email, because I don't generally book CX revenue. But have booked a few redemption using AM and BAEC


Edit: I received one just as a I typed! Bad but not the end of the world.
  • Address
  • Name
  • Title
ermen is offline  
Reply With Quote

Thread Tools
Search this Thread