Last edit by: kaka
Cathay Pacific information site:
https://infosecurity.cathaypacific.com/en_HK.html
If you want to hold CX to legal standing for the loss of private data, the best shot would be using EU GDPR regulations:
What to write to DPO/CX ([email protected]) according to EU GDPR in very short... (ref #177)
(if CX is seen as a HK company, then EU GDPR would apply to all EU Citizen inc valid and expired (not renounced) BNO Holders; and if CX is seen managed by John Swire & Sons Ltd in the UK via Swire, then Data Protection Act 2018 (of UK) which includes GDPR would apply to EVERYONE)
https://infosecurity.cathaypacific.com/en_HK.html
If you want to hold CX to legal standing for the loss of private data, the best shot would be using EU GDPR regulations:
What to write to DPO/CX ([email protected]) according to EU GDPR in very short... (ref #177)
(if CX is seen as a HK company, then EU GDPR would apply to all EU Citizen inc valid and expired (not renounced) BNO Holders; and if CX is seen managed by John Swire & Sons Ltd in the UK via Swire, then Data Protection Act 2018 (of UK) which includes GDPR would apply to EVERYONE)
- ask for data that CX hold on you
- highlight specifically which data was lost
(there's a few things you could ask them according to GPDR... refer to the website)
They have 1 month to respond or they will have to give you a reasonable timeframe where they have to respond by within the 1 month before you can go to ICO.
If you are seeking compensation from CX the loss of private data, the following sites are dealing with class action against CX (not a legal advise)
If you are seeking compensation from CX the loss of private data, the following sites are dealing with class action against CX (not a legal advise)
- http://www.cathaydatabreach.com
- http://www.classlawdc.com/2018/10/25/cathay-pacific-data-breach-class-action-investigation/
9.4 million passengers’ data stolen from CX
#121
Suspended
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,952
we might be able to give GDPR some kicks so they would look into it more carefully.
#123
Join Date: Jun 2016
Location: Hong Kong
Programs: Lowly CX & IHG
Posts: 382
I joined this mess with name, nationality, permit number and title. Well I surrendered these to the northern territory through name verification long ago so that's not much added concern to me. For my travel history, maybe the internet giants have had my data more comprehensively.
I also think the time is quite too long and not the most intuitive choice to disclose so late than to truly sweep it under the rug. Is it better to know? Yeah in the spirit of GDPR sort of thing, even though worried me and not much I could do. Given the delay hopefully there's no further "correction" to the area of impact.
I also think the time is quite too long and not the most intuitive choice to disclose so late than to truly sweep it under the rug. Is it better to know? Yeah in the spirit of GDPR sort of thing, even though worried me and not much I could do. Given the delay hopefully there's no further "correction" to the area of impact.
#125
Join Date: Mar 2012
Location: Vancouver, Manila, Singapore, Kuala Lumpur, Hong Kong
Programs: CX-DM, Marriott Gold, Fairmont Premier
Posts: 335
Don't think there's anything I can do except to do the Canadian thing in saying "Sorry Cathay for trusting you and having my confidential data with you".
#128
Join Date: Mar 2012
Location: Vancouver, Manila, Singapore, Kuala Lumpur, Hong Kong
Programs: CX-DM, Marriott Gold, Fairmont Premier
Posts: 335
#129
Join Date: Jan 2018
Programs: MPCGO
Posts: 123
"We initially discovered suspicious activity on our network in March this year. Upon discovery, we took immediate action to contain the event, to commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures. Unauthorised access to certain personal data was confirmed in early May. Since that time, analysis of the data has continued in order to identify affected individuals and to determine whether the data at issue could be reconstructed."
If 9 million passengers' data was compromised, no way was there any immediate action as the event wasn't contained.
"We have no evidence that any personal data has been misused. We recommend that you follow the steps outlined in this notice to help protect yourself against potential risks."
Looking at above posts with fraudulent CC transactions with CX Amex cards (not one, but multiple individuals), I find this hard to believe.
"The following types of personal data about you were accessed:
So am I assuming that it was accessed partially?
Such a vague and self contradictory email.
If 9 million passengers' data was compromised, no way was there any immediate action as the event wasn't contained.
"We have no evidence that any personal data has been misused. We recommend that you follow the steps outlined in this notice to help protect yourself against potential risks."
Looking at above posts with fraudulent CC transactions with CX Amex cards (not one, but multiple individuals), I find this hard to believe.
"The following types of personal data about you were accessed:
- Address
- Email Address
- Name
- Nationality
- Telephone Number
- Title
So am I assuming that it was accessed partially?
Such a vague and self contradictory email.
#131
Join Date: Dec 2001
Location: China
Posts: 1,552
The Data Protection Officer
Cathay Pacific Airways Limited
6th Floor Cathay Pacific City
8 Scenic Road
Hong Kong International Airport
Lantau
Hong Kong
Hong Kong Dragon Airlines Limited
5th Floor Cathay Dragon House
11 Tung Fai Road
Hong Kong International Airport
Lantau
Hong Kong
So looks as if they are keen to protect their personal data/ privacy!
#132
Join Date: Mar 2005
Location: Vancouver, BC
Programs: Aeroplan
Posts: 810
For CX to disclose this six months later is unforgivable. They say the took immediate action, but immediate action requires you to notify those who could be affected. That way, THEY can take immediate action to limit damage/protect themselves. By delaying this six months, the thieves could have done incalculable damage to up to 9M customers by now.
The management team at CX are such irresponsible liars. I hope CX gets fined/sued appropriately for such casual disregard of their customers.
The management team at CX are such irresponsible liars. I hope CX gets fined/sued appropriately for such casual disregard of their customers.
#134
Suspended
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,952