Cathay Pacific suffers massive data breach compromising personal data of up to 9.4 million of its passengers meanwhile the British Airways woes continue
October 30, 2018 |
Certain industries attract hackers because their businesses are data troves of the best sort of personal information; names, dates of birth, banking and credit card information. Banks, insurance companies, law firms, hospitals and other health providers are top of the list. And airlines. It is therefore hardly surprising that Cathay Pacific has been the subject of a successful data hack resulting in the records of 9.4 million passengers being compromised. That includes 860,000 passport numbers being compromised. The media coverage has been universally negative (here, here and here for example). Particularly so given Cathay was aware of suspicious activity in March and confirmed that personal information was accessed in May. That 5 months delay is ridiculous and a dreadful response to an admittedly difficult situation. It is relevant to note that the shares of Cathay Pacific has dropped 7 % since the announcement of the data breach.
Meanwhile the British Airways hack of last month where it announced 380,000 card payments have been stolen has now gotten a lot worse. A further 77,000 people whose payment cards had been effected. And effected means that the hackers had obtained the billing addresses, card numbers with expiry dates and the CVV. That is about as disastrous as it gets.
The British Airways statement provides:
“Since our announcement on September 6, 2018 regarding the theft of our customers’ data, British Airways has been working continuously with specialist cyber forensic investigators and the National Crime Agency to investigate fully the data theft. We are updating customers today with further information as we conclude our internal investigation.”
“The investigation has shown the hackers may have stolen additional personal data and we are notifying the holders of 77,000 payment cards, not previously notified, that the name, billing address, email address, card payment information, including card number, expiry date and CVV have potentially been compromised, and a further 108,000 without CVV.”