Last edit by: kaka
Cathay Pacific information site:
https://infosecurity.cathaypacific.com/en_HK.html
If you want to hold CX to legal standing for the loss of private data, the best shot would be using EU GDPR regulations:
What to write to DPO/CX ([email protected]) according to EU GDPR in very short... (ref #177)
(if CX is seen as a HK company, then EU GDPR would apply to all EU Citizen inc valid and expired (not renounced) BNO Holders; and if CX is seen managed by John Swire & Sons Ltd in the UK via Swire, then Data Protection Act 2018 (of UK) which includes GDPR would apply to EVERYONE)
https://infosecurity.cathaypacific.com/en_HK.html
If you want to hold CX to legal standing for the loss of private data, the best shot would be using EU GDPR regulations:
What to write to DPO/CX ([email protected]) according to EU GDPR in very short... (ref #177)
(if CX is seen as a HK company, then EU GDPR would apply to all EU Citizen inc valid and expired (not renounced) BNO Holders; and if CX is seen managed by John Swire & Sons Ltd in the UK via Swire, then Data Protection Act 2018 (of UK) which includes GDPR would apply to EVERYONE)
- ask for data that CX hold on you
- highlight specifically which data was lost
(there's a few things you could ask them according to GPDR... refer to the website)
They have 1 month to respond or they will have to give you a reasonable timeframe where they have to respond by within the 1 month before you can go to ICO.
If you are seeking compensation from CX the loss of private data, the following sites are dealing with class action against CX (not a legal advise)
If you are seeking compensation from CX the loss of private data, the following sites are dealing with class action against CX (not a legal advise)
- http://www.cathaydatabreach.com
- http://www.classlawdc.com/2018/10/25/cathay-pacific-data-breach-class-action-investigation/
9.4 million passengers data stolen from CX
#151
Join Date: Dec 2007
Location: BOS
Programs: AA, DL, TK
Posts: 230
Matches my situation exactly, with the adds that my AM account is dormant and I'm a US citizen.
#152
Join Date: Dec 2000
Location: HKG
Programs: AA 3MM EXP, SQ Solitaire, LH SEN, CX DM, Hyatt CC, Marriott LT Titanium
Posts: 3,180
You'll be surprised at how many people in HK who actually don't read or know about any daily news and never read their email (if they even have email accounts) to know that this data leak happened at all....
#153
Join Date: Jan 2016
Location: LON
Programs: BAEC
Posts: 3,931
I was expecting something to crop up for myself. And this afternoon the email arrived.
I have a dormant MP profile (used to have a CX Gold from UK Amex).
But I booked in Jan 18 and flew with CX back in May 18 but the booking had no linkage to my old MP profile and was just booked on the CX website and I used BA for status and earning. So for someone with a dormant MP profile and a recent booking not linked to a CX login, the damage was:
I have a dormant MP profile (used to have a CX Gold from UK Amex).
But I booked in Jan 18 and flew with CX back in May 18 but the booking had no linkage to my old MP profile and was just booked on the CX website and I used BA for status and earning. So for someone with a dormant MP profile and a recent booking not linked to a CX login, the damage was:
These specific types of personal data about you were accessed:
- Address
- Name
- Title
#154
Join Date: Jan 2011
Posts: 2,352
I don't think this is unique to HK or CX... take a look at sections for other US carriers, and you'll see a lot of these types of posts.
#155
Join Date: Apr 2014
Location: Hertfordshire, UK
Programs: SQ,CX,LX
Posts: 343
Well, I attempted to log in to my Asia Miles account and my Cathay account today but my passwords didn't work so it looks like they've been changed but not by me. It took a while to get a new password registered and several attempts because the SMS verification code was not coming through for some reason. Looked at my account and nothing has been stolen as far as I can see.
#156
Join Date: Feb 2015
Location: BKK, HKG
Programs: Cathay, BA, UA
Posts: 55
What cross me here is the fact that it takes them months to inform us.
from what I read i could not find the breach if it’s just in March or ongoing, anyone knows?
I have got my name title passport number HKID, phone number, email, birthday, travel history, address assessed. They said the account wasn’t assess in full, the only thing they haven’t got were meal and seat preference and my redemption group details.
I know some Turkish-born Italian guy who lives in Italy got his passport fraud and when he travelled to France he got custody for 48 hours and treated as terrorist suspect. He spent thousands of Euros to rectify the situation.
speaking of which all those info one can easy use the identity of someone.
from what I read i could not find the breach if it’s just in March or ongoing, anyone knows?
I have got my name title passport number HKID, phone number, email, birthday, travel history, address assessed. They said the account wasn’t assess in full, the only thing they haven’t got were meal and seat preference and my redemption group details.
I know some Turkish-born Italian guy who lives in Italy got his passport fraud and when he travelled to France he got custody for 48 hours and treated as terrorist suspect. He spent thousands of Euros to rectify the situation.
speaking of which all those info one can easy use the identity of someone.
#157
FlyerTalk Evangelist
Join Date: Dec 2004
Programs: CX Green, QF Platinum, BAEC Silver, Hyatt Glob
Posts: 10,780
Cathay Pacific calls in police to investigate massive data breach
https://sc.mp/uaw6z
It’s quite incredible that given CX said the delay to revealing the breach was to do their due diligence around the details, and only now have the police been called in.
https://sc.mp/uaw6z
It’s quite incredible that given CX said the delay to revealing the breach was to do their due diligence around the details, and only now have the police been called in.
#158
Join Date: May 2017
Programs: AY Plat (OWE), TK Elite (*G), BT VIP, HH D, BW DS
Posts: 484
Cathay Pacific calls in police to investigate massive data breach
https://sc.mp/uaw6z
Its quite incredible that given CX said the delay to revealing the breach was to do their due diligence around the details, and only now have the police been called in.
https://sc.mp/uaw6z
Its quite incredible that given CX said the delay to revealing the breach was to do their due diligence around the details, and only now have the police been called in.
#159
Join Date: Jan 2011
Posts: 2,352
#160
Join Date: Jun 2015
Location: Jakarta
Programs: Flying Blue, Marco Polo, Skywards, Etihad Guest, IHG, Aeroplan
Posts: 269
So yesterday I finally received e-mail from CX. I even received two identical e-mails. My mom is a DM and she said she has not received anything from CX.
Anyway, i got the following
What information was involved?
These specific types of personal data about you were accessed:
So what should we do if the ID monitoring services is not available in the country? In my case, it's neither available in China nor Indonesia.
Anyway, i got the following
What information was involved?
These specific types of personal data about you were accessed:
- Email Address
- Flown Flight Number & Date
- Name
- Nationality
- Telephone Number
So what should we do if the ID monitoring services is not available in the country? In my case, it's neither available in China nor Indonesia.
#161
Join Date: Mar 2012
Location: Vancouver, Manila, Singapore, Kuala Lumpur, Hong Kong
Programs: CX-DM, Marriott Gold, Fairmont Premier
Posts: 335
Cathay Pacific calls in police to investigate massive data breach
https://sc.mp/uaw6z
It’s quite incredible that given CX said the delay to revealing the breach was to do their due diligence around the details, and only now have the police been called in.
https://sc.mp/uaw6z
It’s quite incredible that given CX said the delay to revealing the breach was to do their due diligence around the details, and only now have the police been called in.
Speaking on a radio show on Monday, Wong also said his group was prepared to offer legal help to anyone who wanted to submit a claim for damages against the airline.
Any idea if the legal help is only for those HK residences or worldwide?
“If someone thinks they have suffered damages, including damage to feelings, they can apply to our office for legal help,” Wong said.
Damage to feelings... i feel violated. lol.
#163
Join Date: Feb 2008
Location: Hong Kong
Programs: CX DM
Posts: 204
Customer survey
With the hack and all that, I've just received this email from <[email protected]> Seems legit enough but its the first time I've seen this format....others have seen / received this?
#165
Join Date: Dec 2001
Location: Free Republic of Florida
Programs: LH Senator, CX Diamond, UA Prem Plat, Fans of MO Elite
Posts: 589
After I got my data security breach email from CX, I sent an email to Rupert Hogg, another senior manager and their infosecurity desk. I asked some straightforward questions. It took their Customer Relations team 3 days to send me the following pathetic reply.
"Thank you for your email to Mr Rupert Hogg, our Chief Executive Officer, our senior management team and the info security team regarding your concerns on the data security event.
We are sorry that we have not been able to respond as of yet. We fully appreciate and recognise your concerns. Please allow us to look into the matter before replying to you in more detail. In the meantime, thank you for your patience and for taking the time to contact us.
Yours sincerely
Customer Relations Department
Cathay Pacific Airways Limited
Hong Kong Dragon Airlines Limited"
"Thank you for your email to Mr Rupert Hogg, our Chief Executive Officer, our senior management team and the info security team regarding your concerns on the data security event.
We are sorry that we have not been able to respond as of yet. We fully appreciate and recognise your concerns. Please allow us to look into the matter before replying to you in more detail. In the meantime, thank you for your patience and for taking the time to contact us.
Yours sincerely
Customer Relations Department
Cathay Pacific Airways Limited
Hong Kong Dragon Airlines Limited"