kaka

do you have the EU28 passport or BNO?
we might be able to give GDPR some kicks so they would look into it more carefully.

fishball

My dad who has NOT flown with CX in the past 5 years (but uses AM otherwise) has had his

• Address
• Name
• Title

assessed. Hmm...

watery

I joined this mess with name, nationality, permit number and title. Well I surrendered these to the northern territory through name verification long ago so that's not much added concern to me. For my travel history, maybe the internet giants have had my data more comprehensively.

I also think the time is quite too long and not the most intuitive choice to disclose so late than to truly sweep it under the rug. Is it better to know? Yeah in the spirit of GDPR sort of thing, even though worried me and not much I could do. Given the delay hopefully there's no further "correction" to the area of impact.

LapuLapu

Received the email.

• Date of Birth
• Email Address
• Name
• Nationality
• Telephone Number
• Title
• Travel Document Number

blum81

Naah. holding a Canada passport, but living in Malaysia.

Don't think there's anything I can do except to do the Canadian thing in saying "Sorry Cathay for trusting you and having my confidential data with you".

corbomite

Received the email and my HKID and date of birth was accessed

But I don't have a HKID number in the first place?

xuukgo

blum81

meal preference is missing.

mbamejia

"We initially discovered suspicious activity on our network in March this year. Upon discovery, we took immediate action to contain the event, to commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures. Unauthorised access to certain personal data was confirmed in early May. Since that time, analysis of the data has continued in order to identify affected individuals and to determine whether the data at issue could be reconstructed."

If 9 million passengers' data was compromised, no way was there any immediate action as the event wasn't contained.

"We have no evidence that any personal data has been misused. We recommend that you follow the steps outlined in this notice to help protect yourself against potential risks."

Looking at above posts with fraudulent CC transactions with CX Amex cards (not one, but multiple individuals), I find this hard to believe.

"The following types of personal data about you were accessed:

• Address
• Email Address
• Name
• Nationality
• Telephone Number
• Title

Your travel or loyalty profile was not accessed in full, and your password was not compromised."

So am I assuming that it was accessed partially?

Such a vague and self contradictory email.

txflyer77

Does anyone know if Cathay ever named a Data Protection Officer for GDPR purposes?

peasant

Customers requesting more information or clarification on specific Personal Data usage are welcome to contact us at [email protected] or write to us at the below mailing addresses:

The Data Protection Officer
Cathay Pacific Airways Limited
6th Floor Cathay Pacific City
8 Scenic Road
Hong Kong International Airport
Lantau
Hong Kong

Hong Kong Dragon Airlines Limited
5th Floor Cathay Dragon House
11 Tung Fai Road
Hong Kong International Airport
Lantau
Hong Kong

So looks as if they are keen to protect their personal data/ privacy!

Frayed_Yak

For CX to disclose this six months later is unforgivable. They say the took immediate action, but immediate action requires you to notify those who could be affected. That way, THEY can take immediate action to limit damage/protect themselves. By delaying this six months, the thieves could have done incalculable damage to up to 9M customers by now.

The management team at CX are such irresponsible liars. I hope CX gets fined/sued appropriately for such casual disregard of their customers.

ng1265

Marry her, name change, problem solved :-)

(although it might be an expensive way to remedy the situation :-D

kaka

ng1265

anyone in the UK looking to start a class-action?