Asia Biz News - Asian Business News and Tenders

Cathay Pacific Suffers Major Data Breach

October 26, 2018

Hong Kong flagship airline Cathay Pacific revealed on October 24 that critical personal data and travel information on 9.4 million passengers had been breached.

For those involved, the information disclosed represented a serious problem. It includes such sensitive information as passport and government ID numbers, credit card information (though not including security codes), frequent flyer membership information, phone numbers, extensive information on past travels by the passengers, and dates of birth.

Sadly, the airline in its announcement seemed more concerned with saying that the breach would not affect flight operations or safety on their planes. Despite that it is only notifying people now, the airline has also known about this breach for seven full months, a period of time in which serious harm likely has been done with the information by those who were able to access it.

The emails going out to those affected also offer 12 months of “free” tracking to see if something bad happens to them because of the data breach.

The bad news is the service they are offering, IdentityWorks Global Internet Surveillance, is from Experian, a credit agency which has had multiple and bigger data breaches of its own. One of those in 2017 compromised 127 million homeowner accounts. A smaller one at T-Mobile through Experian systems also compromised 15 million customers’ worth of data.

Considering that to use the service one also has to give up additional sensitive information (such as Social Security Numbers, for U.S. clients), it is hard to imagine anyone aware of those circumstances would disclose their even more sensitive personal information to that company in order to solve the problem which just happened at Cathay Pacific.

Copyright: North America Procurement Council Inc., PBC