FlyerTalk Forums

FlyerTalk Forums (https://www.flyertalk.com/forum/index.php)
-   Cathay Pacific | Marco Polo Club (https://www.flyertalk.com/forum/cathay-pacific-marco-polo-club-487/)
-   -   9.4 million passengersí data stolen from CX (https://www.flyertalk.com/forum/cathay-pacific-marco-polo-club/1937167-9-4-million-passengers-data-stolen-cx.html)

txflyer77 Oct 24, 18 10:41 am

9.4 million passengersí data stolen from CX
 

Cathay is directing questions to an unverified twitter account. What a clown show.


1010101 Oct 24, 18 11:06 am

Unfortunately its hardly surprising given the state of CX's IT. I have absolutely no idea why the department heads weren't fired years ago.

ermen Oct 24, 18 11:06 am

i am tired of these muppett companies not being able to protect data

facebook
google
ba
now cx

they should be fined hard (best if they need to compensate each customer)

christep Oct 24, 18 11:12 am


Originally Posted by 1010101 (Post 30350859)
Unfortunately its hardly surprising given the state of CX's IT. I have absolutely no idea why the department heads weren't fired years ago.

The department head was fired years ago (I can't remember what the specific shambles was then, but if you dig into the archives here you'll find it discussed); unfortunately the new department head seems not to be any improvement. This surely reflects on the competence of the senior prople making those recruitment decisions.

fluffymitten Oct 24, 18 11:18 am

Is there any info on when the hack happened?

hkskyline Oct 24, 18 11:21 am

No company can protect our personal data these days. These things are getting way too common. Anyone received notification that their data has been breached?

AmD950 Oct 24, 18 12:06 pm

Again, "Time to win".

They swapped IT head multiple times since then, and they cant trace the source of error. Good job, CX.

tfung Oct 24, 18 12:13 pm

Apparently happened back in March.. it's amazing how it took them so long to disclose this.. probably wanted to sweep this under the rug and hope no-one notices!

https://www.scmp.com/news/hong-kong/...ay-pacific-and

hermanc Oct 24, 18 12:19 pm


Originally Posted by tfung (Post 30351143)
Apparently happened back in March.. it's amazing how it took them so long to disclose this.. probably wanted to sweep this under the rug and hope no-one notices!

https://www.scmp.com/news/hong-kong/...ay-pacific-and

I canít believe they waited 7 months to disclose this.

LoveHateRelationship Oct 24, 18 7:06 pm

Wow, talk about stupidity. They fail to understand that they very information they use to confirm identity when calling the MPC line was just compromised. Now they're playing this off as no big deal since no passwords or credit cards were stolen.

If I had this information, I could easily call the MPC/AM line and answer some of the security questions and start making enquiries on the account or even make some bookings with points. This information that was leaked isn't just an MPC/AM issue but a general identity theft issue since now it's easy to steal other information as well. CX needs to do more than just say "Whoops, sorry guys" considering 9.4M customers were affected.

I would say that credit card data compromise is the least of my concerns since that's easy to remedy and as a card holder I have no liability.

cathaychap Oct 24, 18 8:09 pm

I believe what Cathay is saying is that nobody has had their full profile taken. It's more bits of data taken. Like a few numbers of a passport and half an email address. At any rate, visit infosecurity.cathaypacific.com if concerned. The good thing is that CX, unlike BA, has a coordinated response to the threat. I had to cancel two credit cards with the BA thing.

kaka Oct 24, 18 8:27 pm


Originally Posted by cathaychap (Post 30352747)
I believe what Cathay is saying is that nobody has had their full profile taken. It's more bits of data taken. Like a few numbers of a passport and half an email address. At any rate, visit infosecurity.cathaypacific.com if concerned. The good thing is that CX, unlike BA, has a coordinated response to the threat. I had to cancel two credit cards with the BA thing.

r u serious

like the above had said, they lost everything except card numbers if they didnt lie. historic route details, address, phone, email.
setting up a correspondence does not stop the details being used for other evil purposes.

here in hk we just had a case of people getting 10ks of usd stolen from p2p payment.
what they hv stolen can log into ur asiamiles acccount, or get a new sim for ALL ur otp for banks and am mpo alike

AmD950 Oct 24, 18 8:39 pm


Originally Posted by cathaychap (Post 30352747)
I believe what Cathay is saying is that nobody has had their full profile taken. It's more bits of data taken. Like a few numbers of a passport and half an email address. At any rate, visit infosecurity.cathaypacific.com if concerned. The good thing is that CX, unlike BA, has a coordinated response to the threat. I had to cancel two credit cards with the BA thing.

Are you serious?

Their statement informed you some part of your data was not taken, and no one leak all their information.
That means if you have your might have lost your name, your passport number and your previous itin, your email address but they didn't lose something like your seat preference/meal preference.
That was what they mean they did not lose all your data.

If you have called for reporting lost/fraud at asiamiles, you can verify yourself with 4 of such information.
Guess what the thief can do with it.

HarbourGent Oct 24, 18 9:26 pm


Originally Posted by cathaychap (Post 30352747)
I believe what Cathay is saying is that nobody has had their full profile taken. It's more bits of data taken. Like a few numbers of a passport and half an email address. At any rate, visit infosecurity.cathaypacific.com if concerned. The good thing is that CX, unlike BA, has a coordinated response to the threat. I had to cancel two credit cards with the BA thing.

I do not doubt Cathay's honesty in what they say, but I doubt their ability to know the situation. They clearly have a substandard IT team given how often simple functionality on their website is down (not to mention the ink cartridges in their lounge printers). They either didn't spot this for months or sat on it for months, neither of which inspires confidence. I see no grounds for Cathay to have well-placed confidence that their assessment of the data theft is full and complete.

SuloL Oct 24, 18 9:37 pm


Originally Posted by AmD950 (Post 30352817)

If you have called for reporting lost/fraud at asiamiles, you can verify yourself with 4 of such information.
Guess what the thief can do with it.

This is a really worrying trend, and 7 months for notification is totally unacceptable. Perhaps a lot of people affected were EU citizens and EU could slap CX with a good fine? :p

Now I'm thinking if my situation is related, where AM has done a grande f**k-up recently.

Called in the other day to book awards, agent started verification. When asked about passport issuing country (been asked and have answered this many times before) she told me my answer was wrong! She claimed that my passport nationality should be HK. Never even had a HK passport! And the last time I booked awards (1month back) my answer to the issuing country (the real one) was good to go. Wondering what the hell is going on with their customer data mgmt...


All times are GMT -6. The time now is 1:36 pm.


This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.