top of page

Personal data of 9.4 million passengers of Cathay Pacific and subsidiary leaked

  • Information consists of passengers’ names, nationalities, dates of birth, identity card numbers and historical travel details

  • Suspicious activity detected in March, prompting a cybersecurity investigation – but IT lawmaker questions why carrier waited till now to disclose breach

Cathay Pacific Airways looks set to escape heavy penalties under Hong Kong, United States and European Union privacy laws, even as it faces universal condemnation for keeping a massive data breach secret for seven months.

The city’s flagship carrier revealed late on Wednesday night that personal details of 9.4 million passengers had been illegally accessed by hackers in March, earning a strong rebuke from the privacy commissioner on Thursday while angry passengers complained about being deliberately kept in the dark.

While the European Union’s new General Data Protection Regulation requires such breaches to be reported within 72 hours, corporate lawyers said Cathay may have narrowly escaped punishment, as the breach was discovered about three months before a rule change on May 25.

Under EU law, companies that fail to report such breaches in a timely manner can now be fined 4 per cent of their annual revenue. Laws in certain European nations, including Germany, France and the Netherlands, stipulate penalties for failure or delay in notifying regulators or affected persons.


PUBLISHED : Thursday, 25 October, 2018, 10:55am

UPDATED : Friday, 26 October, 2018, 10:05am

14 views0 comments


bottom of page