Cathay Pacific hit by data leak affecting 9.4m passengers

[shri]

In a parallel universe ...

https://www.reuters.com/article/us-i...-idUSKCN1U30KD

[Coolboy]

Seems like CX will get away with some recommendations - no fines.

Draw up data retention policy, privacy chief orders Cathay Pacific - The Standard

CX has always been protected by the governmemt either directly or indirectly.

[aceofangel]

Very little incentive for CX to improve anything that does not directly impact their bottom line. The cost benefit analysis does not add up without any fines.

[MatthieuTofu]

CX has always been protected by the governmemt either directly or indirectly.

Not helped by the fact that people working at Cathay management regularly switch between their jobs there and at the Civil Aviation Department.

[dengxi]

https://www.bbc.com/news/business-48905907 - BA hit with 183mn GBP fine for data breach. Nothing says "sorry" like cash.

[Elegiaque]

Have been dealing with an unauthorized transaction on my (now old) credit card. They knew my address, name and credit card number to make an online purchase.

Think it was from this leak? Has anyone been experiencing the same?

[shri]

@Elegiaque - did you ever figure out what happened with your credit card?

UK Authorities fine Cathay:

Cathay Pacific Airways has avoided a crippling financial penalty of as much as HK$4.4 billion (US$564 million) under tough European data privacy laws for a 2018 breach, after Britain’s information watchdog fined it a fraction of that sum using older legislation.

The British Information Commissioner’s Office (ICO) announced on Wednesday that Hong Kong’s flagship carrier was to pay a £500,000 (US$639,600) fine, the first financial penalty meted out by any jurisdiction for the data breach, for what it described as a “catalogue of errors”.

https://www.scmp.com/news/hong-kong/...ivacy-watchdog

[Paxbritannia]

There was a UK law firm trying to run a class action against CX and BA for data breaches, does anyone know what happened to them?

[traineeinvestor]

Hong Kong has recently begun the process of revamping the Personal Data (Privacy) Ordinance. Among the many changes needed are giving the Privacy Commissioner the power to impose fines and other sanctions for data breaches, misuse of personal data etc - at the moment it's a pretty toothless watchdog.

Assuming the HKSAR Govt goes ahead and introduces an Archives Law and an Access to Information Law following last year's consolation exercise, there would need to be some amendments to the PDPO anyway and it's easier to go through the legislative amendment process once rather than twice.