
9.4 million passengers’ data stolen from CX


Old Nov 1, 18, 1:34 pm   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: kaka
Cathay Pacific information site:
https://infosecurity.cathaypacific.com/en_HK.html

If you want to hold CX to legal standing for the loss of private data, the best shot would be using EU GDPR regulations:
What to write to DPO/CX ([email protected]) according to EU GDPR in very short... (ref #177)
(if CX is seen as a HK company, then EU GDPR would apply to all EU Citizen inc valid and expired (not renounced) BNO Holders; and if CX is seen managed by John Swire & Sons Ltd in the UK via Swire, then Data Protection Act 2018 (of UK) which includes GDPR would apply to EVERYONE)
  • ask for data that CX hold on you
  • highlight specifically which data was lost
    (there are a few things you could ask them according to GDPR... refer to the website)
They have 1 month to respond, or within that 1 month they must give you a reasonable timeframe by which they will respond, before you can go to the ICO.

If you are seeking compensation from CX for the loss of private data, the following sites are dealing with class action against CX (not legal advice)

Old Oct 24, 18, 9:41 am
  #1  
Original Poster
 
Join Date: Mar 2012
Location: Boulder
Programs: AA Plat, CX Silver
Posts: 2,356
9.4 million passengers’ data stolen from CX


Cathay is directing questions to an unverified twitter account. What a clown show.

jetsetter1k likes this.
txflyer77 is offline  
Old Oct 24, 18, 10:06 am
  #2  
 
Join Date: Feb 2011
Posts: 5,711
Unfortunately it's hardly surprising given the state of CX's IT. I have absolutely no idea why the department heads weren't fired years ago.
1010101 is offline  
Old Oct 24, 18, 10:06 am
  #3  
 
Join Date: Jul 2012
Location: HKG
Programs: BA(GGL) QF LTS CX AM, Hilton Diamond
Posts: 1,623
I am tired of these muppet companies not being able to protect data

facebook
google
ba
now cx

they should be fined hard (best if they need to compensate each customer)
ermen is offline  
Old Oct 24, 18, 10:12 am
  #4  
Suspended
 
Join Date: Jun 2002
Location: Hong Kong
Programs: None any more
Posts: 11,015
Originally Posted by 1010101 View Post
Unfortunately it's hardly surprising given the state of CX's IT. I have absolutely no idea why the department heads weren't fired years ago.
The department head was fired years ago (I can't remember what the specific shambles was then, but if you dig into the archives here you'll find it discussed); unfortunately the new department head seems not to be any improvement. This surely reflects on the competence of the senior people making those recruitment decisions.
kaka, 1010101, HarbourGent and 2 others like this.
christep is offline  
Old Oct 24, 18, 10:18 am
  #5  
 
Join Date: Dec 2014
Posts: 370
Is there any info on when the hack happened?
fluffymitten is offline  
Old Oct 24, 18, 10:21 am
  #6  
 
Join Date: Jun 2005
Location: HKG
Posts: 1,245
No company can protect our personal data these days. These things are getting way too common. Anyone received notification that their data has been breached?
hkskyline is offline  
Old Oct 24, 18, 11:06 am
  #7  
 
Join Date: Apr 2012
Location: Hong Kong SAR
Programs: JL Diamond, CX Gold, HH Gold
Posts: 210
Again, "Time to win".

They swapped IT head multiple times since then, and they can't trace the source of error. Good job, CX.
kaka likes this.
AmD950 is offline  
Old Oct 24, 18, 11:13 am
  #8  
 
Join Date: Dec 2000
Location: HKG
Programs: AA 3MM CK, SQ Solitaire, LH SEN, CX DM, GP Courtesy Card, Marriott LT Titanium
Posts: 3,006
Apparently happened back in March.. it's amazing how it took them so long to disclose this.. probably wanted to sweep this under the rug and hope no-one notices!

https://www.scmp.com/news/hong-kong/...ay-pacific-and
kaka and jetsetter1k like this.
tfung is offline  
Old Oct 24, 18, 11:19 am
  #9  
 
Join Date: Jun 2010
Location: HKG
Programs: AC-SE, CX-DM, SQ-PPS, Fairmont-Plat, SPG/Marriott-Plat, Le Club Accor-Plat, HHonors Silver
Posts: 237
Originally Posted by tfung View Post
Apparently happened back in March.. it's amazing how it took them so long to disclose this.. probably wanted to sweep this under the rug and hope no-one notices!

https://www.scmp.com/news/hong-kong/...ay-pacific-and
I can’t believe they waited 7 months to disclose this.
hermanc is offline  
Old Oct 24, 18, 6:06 pm
  #10  
 
Join Date: Sep 2013
Posts: 525
Wow, talk about stupidity. They fail to understand that the very information they use to confirm identity when calling the MPC line was just compromised. Now they're playing this off as no big deal since no passwords or credit cards were stolen.

If I had this information, I could easily call the MPC/AM line and answer some of the security questions and start making enquiries on the account or even make some bookings with points. This information that was leaked isn't just an MPC/AM issue but a general identity theft issue since now it's easy to steal other information as well. CX needs to do more than just say "Whoops, sorry guys" considering 9.4M customers were affected.

I would say that credit card data compromise is the least of my concerns since that's easy to remedy and as a card holder I have no liability.
sxc and Jane's Addiction like this.

Last edited by LoveHateRelationship; Oct 24, 18 at 6:14 pm
LoveHateRelationship is offline  
Old Oct 24, 18, 7:09 pm
  #11  
 
Join Date: Sep 2011
Programs: CX MPC Gold
Posts: 62
I believe what Cathay is saying is that nobody has had their full profile taken. It's more bits of data taken. Like a few numbers of a passport and half an email address. At any rate, visit infosecurity.cathaypacific.com if concerned. The good thing is that CX, unlike BA, has a coordinated response to the threat. I had to cancel two credit cards with the BA thing.
cathaychap is offline  
Old Oct 24, 18, 7:27 pm
  #12  
Suspended
 
Join Date: May 2006
Location: HKG
Programs: A3, TK *G; JL JGC; SPG,Hilton Gold
Posts: 9,959
Originally Posted by cathaychap View Post
I believe what Cathay is saying is that nobody has had their full profile taken. It's more bits of data taken. Like a few numbers of a passport and half an email address. At any rate, visit infosecurity.cathaypacific.com if concerned. The good thing is that CX, unlike BA, has a coordinated response to the threat. I had to cancel two credit cards with the BA thing.
r u serious

like the above had said, they lost everything except card numbers if they didn't lie. historic route details, address, phone, email.
setting up a correspondence does not stop the details being used for other evil purposes.

here in hk we just had a case of people getting 10ks of usd stolen from p2p payment.
what they hv stolen can log into ur asiamiles account, or get a new sim for ALL ur otp for banks and am mpo alike
kaka is offline  
Old Oct 24, 18, 7:39 pm
  #13  
 
Join Date: Apr 2012
Location: Hong Kong SAR
Programs: JL Diamond, CX Gold, HH Gold
Posts: 210
Originally Posted by cathaychap View Post
I believe what Cathay is saying is that nobody has had their full profile taken. It's more bits of data taken. Like a few numbers of a passport and half an email address. At any rate, visit infosecurity.cathaypacific.com if concerned. The good thing is that CX, unlike BA, has a coordinated response to the threat. I had to cancel two credit cards with the BA thing.
Are you serious?

Their statement informed you some part of your data was not taken, and no one had all their information leaked.
That means you might have lost your name, your passport number and your previous itin, your email address but they didn't lose something like your seat preference/meal preference.
That was what they meant by saying they did not lose all your data.

If you have called for reporting lost/fraud at asiamiles, you can verify yourself with 4 of such information.
Guess what the thief can do with it.
AmD950 is offline  
Old Oct 24, 18, 8:26 pm
  #14  
 
Join Date: Jan 2014
Posts: 324
Originally Posted by cathaychap View Post
I believe what Cathay is saying is that nobody has had their full profile taken. It's more bits of data taken. Like a few numbers of a passport and half an email address. At any rate, visit infosecurity.cathaypacific.com if concerned. The good thing is that CX, unlike BA, has a coordinated response to the threat. I had to cancel two credit cards with the BA thing.
I do not doubt Cathay's honesty in what they say, but I doubt their ability to know the situation. They clearly have a substandard IT team given how often simple functionality on their website is down (not to mention the ink cartridges in their lounge printers). They either didn't spot this for months or sat on it for months, neither of which inspires confidence. I see no grounds for Cathay to have well-placed confidence that their assessment of the data theft is full and complete.
HarbourGent is offline  
Old Oct 24, 18, 8:37 pm
  #15  
 
Join Date: May 2017
Programs: AY Plat, HH D, BW DS
Posts: 323
Originally Posted by AmD950 View Post

If you have called for reporting lost/fraud at asiamiles, you can verify yourself with 4 of such information.
Guess what the thief can do with it.
This is a really worrying trend, and 7 months for notification is totally unacceptable. Perhaps a lot of people affected were EU citizens and EU could slap CX with a good fine?

Now I'm thinking if my situation is related, where AM has done a grande f**k-up recently.

Called in the other day to book awards, agent started verification. When asked about passport issuing country (been asked and have answered this many times before) she told me my answer was wrong! She claimed that my passport nationality should be HK. Never even had a HK passport! And the last time I booked awards (1 month back) my answer to the issuing country (the real one) was good to go. Wondering what the hell is going on with their customer data mgmt...
SuloL is offline  
