TravelMole
Breaking

Cathay slammed for 'lax' data security following hack

Friday, 7 June 20193 min read
Cathay slammed for 'lax' data security following hack

Hong Kong’s privacy watchdog was highly critical of Cathay Pacific’s data security standards in an investigation report into last year’s huge data breach.

Hong Kong’s commissioner for personal data Stephen Kai-yi Wong called out Cathay’s ‘lax’ data security management.

Data on more than nine million passengers was compromised in a breach which was discovered last October, with 860,000 passport numbers accessed as well as about 245,000 Hong Kong identity card numbers.

The commissioner’s report criticised the airline for holding on to personal ID card data longer than was necessary.

"Cathay adopted a lax attitude towards data governance, which fell short of the expectation of its affected passengers and the regulator," he said.

It failed to spot common vulnerabilities in its data protection system and take action to plug the gaps, the report said.

Cathay acknowledged it had discovered some suspicious activity on its network back in March 2018 and in May 2018 got confirmation that some data had been accessed.

The airline said it is assessing the report’s findings, which requires it to appoint an independent data security expert to revamp its personal data storage systems and set out a data-retention policy.

Cathay has already taken action to enhance security in data governance, network security and access control, it said in a statement.