Hong Kong privacy watchdog orders Cathay Pacific to take remedial action over massive leak of customer data

Privacy Commissioner Stephen Wong released investigation report after personal information of 9.4 million passengers was leaked last year

Airline slammed for failing to take all reasonable steps to protect affected passengers’ data against unauthorised access

3-MIN READ3-MIN

Cathay Pacific revealed the data breach last October. Photo: Felix Wong

Published: 7:00am, 7 Jun 2019Updated: 10:40am, 7 Jun 2019

Hong Kong’s privacy watchdog has ordered Cathay Pacific Airways to take remedial action for beaching the law after the personal information of 9.4 million passengers was leaked last year.

Privacy Commissioner for Personal Data Stephen Wong Kai-yi released his office’s investigation report on Thursday, seven months after the city’s flagship carrier revealed the massive data leak in October.

At the time, the company said it had discovered customer data of Cathay Pacific and its subsidiary, Cathay Dragon, had been accessed without authorisation, including passenger names, nationalities, dates of birth, identity card numbers and travel history.

Some 403 expired credit card numbers and 27 credit card numbers with no card verification value were compromised, along with about 860,000 passport numbers and 240,000 Hong Kong identity card numbers.

Stephen Wong released the investigation report seven months after the data breach was revealed. Photo: David Wong

The revelation earned the airline a strong rebuke from the privacy commissioner while angry passengers complained about being deliberately kept in the dark.