Hong Kong’s privacy watchdog was highly critical of Cathay Pacific’s data security standards in an investigation report into last year’s huge data breach.
Hong Kong’s commissioner for personal data, Stephen Kai-yi Wong called out Cathay’s ‘lax’ data security management.
Data on more than nine million passengers was compromised in a breach which was discovered last October, with 860,000 passport numbers accessed as well as about 245,000 Hong Kong identity card numbers.
The commissioner’s report criticized the airline for holding on to personal ID card data longer tan was necessary.
"Cathay adopted a lax attitude towards data governance, which fell short of the expectation of its affected passengers and the regulator," he said.
It failed to spot common vulnerabilities in its data protection system and take action to plug the gaps, the report said.
The airline acknowledged it had discovered some suspicious activity on its network back in March 2018 and in May 2018 got confirmation that some data had been accessed.
Cathay said it is assessing the report’s findings, which requires the airline to appoint an independent data security expert to revamp its personal data storage systems and set out a data-retention policy.
The airline has already taken action to enhance security in data governance, network security and access control, it said in a statement.
















