Cathay Pacific data hack 'probably the biggest' in industry| 29 Oct 2018
Cathay Pacific Airways (0293) became the target of the world's biggest airline data breach, when it suffered from hackers who leaked the personal information of 9.4 million customers.
The carrier disclosed the unauthorized access late Wednesday, seven months after discovering the violation. While passports, addresses and emails were exposed, flight safety wasn't compromised and there was no evidence any information has been misused, it said, without revealing details of the origin of the attack.
"This is quite shocking," said Shukor Yusof, founder of aviation consulting firm Endau Analytics in Malaysia. "It's probably the biggest breach of information in the aviation sector."
Affecting more people than the population of Cathay Pacific's home base of Hong Kong, the hack is in another league to breaches reported by British Airways and Delta Air Lines this year. Those carriers boosted spending on cybersecurity after hacks, which saw personal and financial information of hundreds of thousands of customers illegally accessed.
"At this point, we believe it is uncertain if Cathay Pacific would be liable to any fines imposed by government authorities for such a breach," Geoffrey Cheng, an analyst at Bocom International, wrote in a research note Thursday. "However, we expect the share price jitters to linger on for a while."
The data breach at Cathay - a partner of British Airways in the Oneworld airline alliance - adds to the carrier's woes, with chief executive Rupert Hogg trying to turn it around after two straight annual losses.
Some local lawmakers criticized Cathay for taking so long to reveal the breach. Lam Cheuk-ting, a member of the Legislative Council's security committee, told reporters that many people in Hong Kong are angry and the airline should have taken the initiative the very first day it found out. Cathay's chief customer and commercial officer Paul Loo Kar-pui said the airline wanted to have accurate grasp on the situation and didn't wish to "create unnecessary panic," AFP reported.
British Airways said the hack on its system lasted for more than two weeks during the months of August and September, compromising credit-card data of some 380,000 customers. Delta said in April that cyberattack on a contractor last year exposed the payment information of "several hundred thousand customers."