Cathay Pacific urged to extend free ID monitoring service in wake of massive data breach affecting 9.4 million passengers
- Online security expert says four to six years of surveillance needed to match lifespan of credit card
- Lawmaker Charles Mok disagrees, saying involvement of contractor ‘complicates the problems’
The 9.4 million affected passengers started receiving notification emails from the city’s flagship carrier on Thursday detailing the nature of the personal details, such as names, nationalities and travel document numbers, that had been illegally accessed in March.
The airline also offered them a 12-month free ID monitoring service by a third-party provider, which would sweep cyber outlets to see whether any passenger data was available on social platforms and the dark web – a section of the internet that can be accessed only with special software, settings or authorisation.
“This service [IdentityWorks Global Internet Surveillance] monitors if your personal data may be available on public websites, chat rooms, blogs and non-public places on the internet … such as dark web sites,” the email read. “This is an optional service, and how much information to include in the identity monitoring is completely at your discretion.”
Worried after Cathay Pacific’s data breach? Here’s all you need to know
Anthony Lai Cheuk-tung, founder and security researcher at Valkyri-X Security Research Group, said the service should be extended to four to six years, as that was the lifespan of a credit card, while Hong Kong residents would soon replace their identity cards, with the exercise set to be completed in 2022.
