Last edit by: kaka
Cathay Pacific information site:
https://infosecurity.cathaypacific.com/en_HK.html
If you want to hold CX to legal standing for the loss of private data, the best shot would be using EU GDPR regulations:
What to write to DPO/CX ([email protected]) according to EU GDPR in very short... (ref #177)
(if CX is seen as a HK company, then EU GDPR would apply to all EU Citizen inc valid and expired (not renounced) BNO Holders; and if CX is seen managed by John Swire & Sons Ltd in the UK via Swire, then Data Protection Act 2018 (of UK) which includes GDPR would apply to EVERYONE)
https://infosecurity.cathaypacific.com/en_HK.html
If you want to hold CX to legal standing for the loss of private data, the best shot would be using EU GDPR regulations:
What to write to DPO/CX ([email protected]) according to EU GDPR in very short... (ref #177)
(if CX is seen as a HK company, then EU GDPR would apply to all EU Citizen inc valid and expired (not renounced) BNO Holders; and if CX is seen managed by John Swire & Sons Ltd in the UK via Swire, then Data Protection Act 2018 (of UK) which includes GDPR would apply to EVERYONE)
- ask for data that CX hold on you
- highlight specifically which data was lost
(there's a few things you could ask them according to GPDR... refer to the website)
They have 1 month to respond or they will have to give you a reasonable timeframe where they have to respond by within the 1 month before you can go to ICO.
If you are seeking compensation from CX the loss of private data, the following sites are dealing with class action against CX (not a legal advise)
If you are seeking compensation from CX the loss of private data, the following sites are dealing with class action against CX (not a legal advise)
- http://www.cathaydatabreach.com
- http://www.classlawdc.com/2018/10/25/cathay-pacific-data-breach-class-action-investigation/
9.4 million passengers’ data stolen from CX
#3
Join Date: Jul 2012
Location: HKG
Programs: BA(GGL) QF LTS CX AM, Hilton Diamond, PPL(A)
Posts: 1,654
i am tired of these muppett companies not being able to protect data
facebook
google
ba
now cx
they should be fined hard (best if they need to compensate each customer)
ba
now cx
they should be fined hard (best if they need to compensate each customer)
#4
Suspended
Join Date: Jun 2002
Location: Hong Kong
Programs: None any more
Posts: 11,017
The department head was fired years ago (I can't remember what the specific shambles was then, but if you dig into the archives here you'll find it discussed); unfortunately the new department head seems not to be any improvement. This surely reflects on the competence of the senior prople making those recruitment decisions.
#8
Join Date: Dec 2000
Location: HKG
Programs: AA 3MM EXP, SQ Solitaire, LH SEN, CX DM, Hyatt CC, Marriott LT Titanium
Posts: 3,177
Apparently happened back in March.. it's amazing how it took them so long to disclose this.. probably wanted to sweep this under the rug and hope no-one notices!
https://www.scmp.com/news/hong-kong/...ay-pacific-and
https://www.scmp.com/news/hong-kong/...ay-pacific-and
#9
Join Date: Jun 2010
Location: GVA
Programs: CX-DM, BA-GGL, Marriott-TI, HHonors-DM
Posts: 267
Apparently happened back in March.. it's amazing how it took them so long to disclose this.. probably wanted to sweep this under the rug and hope no-one notices!
https://www.scmp.com/news/hong-kong/...ay-pacific-and
https://www.scmp.com/news/hong-kong/...ay-pacific-and
#10
Join Date: Sep 2013
Posts: 525
Wow, talk about stupidity. They fail to understand that they very information they use to confirm identity when calling the MPC line was just compromised. Now they're playing this off as no big deal since no passwords or credit cards were stolen.
If I had this information, I could easily call the MPC/AM line and answer some of the security questions and start making enquiries on the account or even make some bookings with points. This information that was leaked isn't just an MPC/AM issue but a general identity theft issue since now it's easy to steal other information as well. CX needs to do more than just say "Whoops, sorry guys" considering 9.4M customers were affected.
I would say that credit card data compromise is the least of my concerns since that's easy to remedy and as a card holder I have no liability.
If I had this information, I could easily call the MPC/AM line and answer some of the security questions and start making enquiries on the account or even make some bookings with points. This information that was leaked isn't just an MPC/AM issue but a general identity theft issue since now it's easy to steal other information as well. CX needs to do more than just say "Whoops, sorry guys" considering 9.4M customers were affected.
I would say that credit card data compromise is the least of my concerns since that's easy to remedy and as a card holder I have no liability.
Last edited by LoveHateRelationship; Oct 24, 2018 at 6:14 pm
#11
Join Date: Sep 2011
Programs: CX MPC Gold
Posts: 62
I believe what Cathay is saying is that nobody has had their full profile taken. It's more bits of data taken. Like a few numbers of a passport and half an email address. At any rate, visit infosecurity.cathaypacific.com if concerned. The good thing is that CX, unlike BA, has a coordinated response to the threat. I had to cancel two credit cards with the BA thing.
#12
Suspended
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,952
I believe what Cathay is saying is that nobody has had their full profile taken. It's more bits of data taken. Like a few numbers of a passport and half an email address. At any rate, visit infosecurity.cathaypacific.com if concerned. The good thing is that CX, unlike BA, has a coordinated response to the threat. I had to cancel two credit cards with the BA thing.
like the above had said, they lost everything except card numbers if they didnt lie. historic route details, address, phone, email.
setting up a correspondence does not stop the details being used for other evil purposes.
here in hk we just had a case of people getting 10ks of usd stolen from p2p payment.
what they hv stolen can log into ur asiamiles acccount, or get a new sim for ALL ur otp for banks and am mpo alike
#13
Join Date: Apr 2012
Location: Hong Kong SAR
Programs: JL Diamond, CX Gold, HH Gold
Posts: 268
I believe what Cathay is saying is that nobody has had their full profile taken. It's more bits of data taken. Like a few numbers of a passport and half an email address. At any rate, visit infosecurity.cathaypacific.com if concerned. The good thing is that CX, unlike BA, has a coordinated response to the threat. I had to cancel two credit cards with the BA thing.
Their statement informed you some part of your data was not taken, and no one leak all their information.
That means if you have your might have lost your name, your passport number and your previous itin, your email address but they didn't lose something like your seat preference/meal preference.
That was what they mean they did not lose all your data.
If you have called for reporting lost/fraud at asiamiles, you can verify yourself with 4 of such information.
Guess what the thief can do with it.
#14
Join Date: Jan 2014
Posts: 562
I believe what Cathay is saying is that nobody has had their full profile taken. It's more bits of data taken. Like a few numbers of a passport and half an email address. At any rate, visit infosecurity.cathaypacific.com if concerned. The good thing is that CX, unlike BA, has a coordinated response to the threat. I had to cancel two credit cards with the BA thing.
#15
Join Date: May 2017
Programs: AY Plat (OWE), TK Elite (*G), BT VIP, HH D, BW DS
Posts: 484
Now I'm thinking if my situation is related, where AM has done a grande f**k-up recently.
Called in the other day to book awards, agent started verification. When asked about passport issuing country (been asked and have answered this many times before) she told me my answer was wrong! She claimed that my passport nationality should be HK. Never even had a HK passport! And the last time I booked awards (1month back) my answer to the issuing country (the real one) was good to go. Wondering what the hell is going on with their customer data mgmt...