With Cathay Pacific bosses set for grilling on massive data breach, is carrier heading for hefty EU fine?
- Hong Kong lawmakers want to know exact details of hacking attack, which airline on Monday revealed had lasted for longer than it said earlier
- Tough new European Union privacy regulations came into force on May 25
All eyes are on whether Cathay Pacific Airways may face a hefty penalty over its massive data leak after it revealed on Monday that the hacking activities might have stretched beyond the effective date of tough new European Union privacy regulations.
Management of the airline, which has shied away from the Post’s questions related to the exact duration of the data breach that involved 9.4 million customers, will be grilled by lawmakers at a Legislative Council meeting on Wednesday morning.
Legal experts had previously said the airline would probably be spared from the EU’s new General Data Protection Regulation (GDPR), which took effect on May 25. That was because Cathay had said it only detected the problem in March and had it confirmed in early May. The new law was not retroactive.
However, the airline on Monday revealed in a written submission to lawmakers ahead of the Legco hearing that the attack lasted for far longer than it previously admitted.
It did not disclose if the later hack attacks were successful or how long the infiltration lasted.