In a statement disclosed on October 24, Cathay Pacific Airways admitted that the personal data of 9.4 million passengers had been leaked earlier this year. The carrier explained that it had discovered unauthorised access to some of the passenger data that it, and its subsidiary Hong Kong Dragon Airlines, managed. The leaked data included passengers’ names, nationalities, dates of birth, telephone numbers, emails, home addresses, passport numbers, identity card numbers, and travel history. Despite the breach happening earlier in the year, it took the airline seven months to notify affected clients, without addressing whether their data had been encrypted or not. A spokesman for Hong Kong’s Office of the Privacy Commissioner for Personal Data has expressed concern and stated that the office plans to contact the carrier to launch a compliance check.
Written by Dillon Keshvani