Cathay Pacific data breach probed by Hong Kong privacy watchdog

[SINGAPORE] Hong Kong's privacy watchdog is investigating Cathay Pacific Airways Ltd. after the carrier last month disclosed the world's biggest airline data breach that exposed personal information of 9.4 million customers.

The compliance probe will examine security measures taken by Cathay Pacific to safeguard its customers' private data and the airline's information retention policy and practice, the city's privacy commissioner for personal data Stephen Kai-yi Wong said in a statement late Monday. The regulator is aiming to determine if the company violated national data protection law, he said.

The watchdog said it had received scores of complaints linked to the data breach, which Cathay Pacific revealed in a stock exchange filing on Oct 24, seven months after detecting the violation. While passports, addresses and emails were exposed, flight safety wasn't compromised and there was no evidence any information has been misused, Asia's biggest international carrier said, without revealing details of the origin of the attack.

The stock has rebounded in Hong Kong after falling 3.8 per cent the day after the revelation, which was the most in almost two years. Shares rose as much as 0.8 per cent on Tuesday.

The privacy commissioner began the compliance check after the latest information shared by Cathay Pacific offered "reasonable grounds" to believe there may have been a violation of rules, the regulator said.

A Cathay Pacific representative said the airline is "studying the statement of the Office of the Privacy Commissioner and will continue to cooperate fully with the authorities."

As of late Nov 5 in Hong Kong, the privacy commissioner's office received 108 inquiries and 89 complaints related to the data breach, according to the statement.

BLOOMBERG