Last edit by: kaka
Cathay Pacific information site:
https://infosecurity.cathaypacific.com/en_HK.html
If you want to hold CX to legal standing for the loss of private data, the best shot would be using EU GDPR regulations:
What to write to DPO/CX ([email protected]) according to EU GDPR in very short... (ref #177)
(if CX is seen as a HK company, then EU GDPR would apply to all EU citizens, inc. valid and expired (not renounced) BNO holders; and if CX is seen as managed by John Swire & Sons Ltd in the UK via Swire, then the Data Protection Act 2018 (of UK), which includes GDPR, would apply to EVERYONE)
- ask for data that CX hold on you
- highlight specifically which data was lost
(there are a few things you could ask them according to GDPR... refer to the website)
They have 1 month to respond or they will have to give you a reasonable timeframe where they have to respond by within the 1 month before you can go to ICO.
If you are seeking compensation from CX for the loss of private data, the following sites are dealing with class action against CX (not legal advice):
- http://www.cathaydatabreach.com
- http://www.classlawdc.com/2018/10/25/cathay-pacific-data-breach-class-action-investigation/
9.4 million passengers’ data stolen from CX
#61
Suspended
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,952
Some questions that I am unclear about
1. Does this only affect MPO / AM members / registered account members or are guests affected?
2. Only revenue fares or AM/redemptions or both?
2. Are third party (eg Expedia) bookings affected?
3. Even better, are CX redemptions via OW affected?
I haven't received any email, because I don't generally book CX revenue. But I have booked a few redemptions using AM and BAEC.
#63
Join Date: Jan 2006
Programs: AAdvantage Asia Miles Air China
Posts: 870
I find it impossible to trust anything CX says on this. I also must be careful as data is my business, not IT, but information for Capital Markets.
These are some points which I feel must make people think:
- The data stolen is not the same for everyone, this implies a huge issue in terms of accessibility and CX IT infrastructure. System access, storage and integrity are seriously compromised
- To employ a negative, CX may know what was taken but they probably do not know everything that was taken
- At the moment personal data security is structured by types on a layered basis in a simplistic interrogation environment, so it is about the combinations of data stolen. People with IDs and Dates of Birth being taken are at a high risk, however, a determined criminal can add value to the stolen data by going to social media. If I know who a person is and have other data, then things like Facebook are going to offer up missing information
- Also CX has not stated if status has been taken as well. Knowing this allows criminals to prioritise targets
- CX has only given the bare minimum of information and applied obfuscation, things like "We have no evidence of" and so on, it is the get out of gaol card. They are probably too incompetent to actually know how to find evidence, and equally from a previous post we can see CX are likely to be wrong about knowing what data for each client they have lost
- Appalling data governance, though more likely non-existent data governance, if this had happened at a Bank I know exactly what would happen and when
And comparing to BA, they had 400K customers' details taken, CX lost 9 Million more or 23.5 times more. Impressive in its negligence.
Back to my mantra, CX and technology, 'Where the intelligence is virtual'
Last edited by Nicc HK; Oct 25, 2018 at 4:59 am
#64
Join Date: Nov 2013
Location: Places
Programs: CI Paragon, AF Gold, Bonvoy Ambassador Elite, Shangri-La Jade
Posts: 170
#65
Suspended
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,952
https://twitter.com/benjaminbland/st...331503616?s=21
Cathay is directing questions to an unverified twitter account. What a clown show.
https://twitter.com/cathaypacific/st...444854273?s=21
#66
Join Date: Apr 2001
Location: HKG/HND/OOL
Programs: QF Emerald. SQ Gold.
Posts: 3,170
Very strange timing, but my CX Elite card was used fraudulently over the weekend. Amex called about it and I had to cancel the card...
Today I see this... I know the theft was 7 mths ago... but... what a coincidence
#67
Join Date: Jul 2011
Programs: BA Bronze
Posts: 1,026
One of my family members just received the email that the following were taken (less bad than others..?):
- address
- name
- title
I have not received an email yet relating to my own data. Neither of us are MP, but both have an AM account.
#68
Join Date: Jan 2011
Location: HKG/YVR
Programs: MPO, Aeroplan, SPG
Posts: 183
My wife has no status, just Asia Miles member and received the e-mail at around 18:05. I received nothing
#69
Join Date: Jun 2005
Location: HKG
Posts: 1,505
Anyone subscribing to their identity monitoring service with experian? Wonder if it's effective or more giving your personal data to another 3rd party.
http://www.globalidworks.com/identity1
#70
Join Date: Apr 2004
Location: Tokyo, Vancouver, Hong Kong, Dublin
Programs: CX DM
Posts: 880
Anyone subscribing to their identity monitoring service with experian? Wonder if it's effective or more giving your personal data to another 3rd party.
http://www.globalidworks.com/identity1
#71
Join Date: Feb 2008
Location: Hong Kong
Programs: CX DM
Posts: 204
Anyone subscribing to their identity monitoring service with experian? Wonder if it's effective or more giving your personal data to another 3rd party.
http://www.globalidworks.com/identity1
- Email Address
- HKID Number
- Name
- Nationality
- Telephone Number
- Title
Last edited by clazza; Oct 25, 2018 at 6:58 am Reason: grammar
#73
Join Date: Sep 2013
Posts: 525
Guys, I doubt status has anything to do with when you're getting it. It's just a matter of how the query is run and when they load the mail server to send it out.
Something to keep in mind. By accepting their identity theft protection, you could possibly be absolving CX of any responsibility they have to you. If you do want to be compensated somehow, you should read the T&Cs before accepting their identity theft protection.
#74
Join Date: Sep 2014
Location: DTW - Rochester Hills, MI
Programs: Cathay MPC, IHG Diamond Ambassador, Domestic Airline Nobody
Posts: 715
To those that have received the emailed notification, can one of you confirm if it comes from the same Marco Polo email address? I want to make sure my spam filters whitelist the address if it is something different.
#75
Join Date: Nov 2017
Location: HKG
Programs: CX, BA
Posts: 69
Surprisingly calm when reading this. Prob because my name, address, ID bla bla bla were already leaked when HK gov lost the computer containing all HK voters' information. Not particularly cross if/when CX leaked those again. But why do they announce this 5 months after confirming such an incident? In March, it was still kind of reasonable not to announce to the public when they 'suspected' such leakage. It is hard to see any legitimate reason to remain silent for 5 months after knowing of such a colossal data leakage.