You are here
World’s biggest airline data hack went on for months, says Cathay Pacific
[SINGAPORE] Cathay Pacific Airways Ltd, which is under fire for the world's biggest airline data breach, said the sophisticated attacks lasted months as it took steps to shield its exposed computer network.
The attacks were most intense March through May and continued, Asia's biggest airline said on Monday in a written submission to Hong Kong's legislature before a panel hearing this week. Although the number of successful attacks diminished, concerns remain "new attacks could be mounted", the city-based airline said, apologising to passengers for the incident.
"Cathay is cognisant that changes in the cybersecurity threat landscape continue to evolve at pace as the sophistication of the attackers improves," it said. "Our plans, which include growing our team of IT security specialists, will necessarily evolve in response to this challenging environment."
Hong Kong's privacy watchdog said last week that it was investigating the breach the carrier disclosed seven months after detection. While the attack exposed personal information of 9.4 million passengers, including passport details, addresses and emails, Cathay Pacific said flight safety wasn't compromised and there was no evidence the data was misused.
The carrier said it has spent more than HK$1 billion (S$176.6 million) on its IT infrastructure and security over the past three years. Shares of the premium airline extended declines, slipping 1.5 per cent as at 9.34am on Tuesday in Hong Kong. The have dropped 2.3 per cent since a filing disclosed the breach on Oct 24.
The breach has prompted calls to overhaul Hong Kong's two-decades-old privacy laws to ensure companies report any leaks quicker. For now, offences for disclosing personal data obtained without consent from users could be subject to a fine of HK$1 million and imprisonment for five years, according to the Personal Data Ordinance. Individuals who suffer damage could also seek compensation.