Cathay Pacific is the latest to suffer a large scale data breach. The attackers were able to gain ‘unauthorized access’ to passenger data for up to 9.4 million people. The following data was accessed (emphasis ours):
- passenger name;
- nationality;
- date of birth;
- phone number;
- email;
- address;
- passport number;
- identity card number;
- frequent flyer programme membership number;
- customer service remarks; and
- historical travel information.
A small amount (403) expired credit card numbers were also accessed along with twenty-seven credit card numbers with no CVV. What makes matters worse is that Cathay Pacific first detected suspicious activity in March and then confirmed that unauthorized access was used to obtain the sensitive personal information listed above. Why has it taken almost half a year for customers to be notified? Cathay Pacific have stated they will be notifying affected customers by multiple communication channels.
I’ve said it before and I’ll say it again, until the penalties for data breaches are increased corporations will fail to adequately invest in cyber security. The individual damage that can be done by a data breach cannot be understated and it’s time for regulators to move to increase the penalties.
Just got my breach email. Luckily all they got was name and address since I never put in passport info. They can get that at the airport.
Same here. Got saved honestly. Gonna remove all my PP info now of all loyalty programs.
Airlines systems (including Chase) are yester-century tech. Chase is still using Windows 7. Don’t believe me? Visit your local cha$e.
That’s not terrible when you compare to some parts of our utility systems. What’s a computer?
I usually can’t stand Government Intervention into the private sector, but this has gotten out of hand.
There needs to be some law changes around Cybersecurity requiring mandatory insurance. Severe punishments for those who get breached. Even more severe for the criminals who do the breaching.
If companies start having to pay up big for breaches, than maybe they’ll actually invest into quality cybersecurity solutions.
Roll eyes. Can’t stand gov’t! Until they want it for their own selfish interests.
Ha ha yup, can’t stand until it hits them 🙂
This is ridiculous. I was affected by the British Airways data breach back in August. I believe they actually got my Reserve info as right after being notified they tried ringing up two online purchases over $3000 each. Had to cancel the card the day before I left on a trip and almost cost me quite a bit of points and my rental insurance/discount on an Audi. Luckily Chase was able to overnight my card to the Hyatt in Aspen so the card was there when I arrived the next day and they allowed the one silver car transaction to go through on my old card number. It actually went pretty smoothly but the timing could of made it bad for me. Plus Chase caught the transactions as they were attempting it so kudos to them. Love my Reserve card and the customer service I’ve received from Chase.
Off topic but to ur point, loved reserve till I had to raise a dispute on an ikea item. Boy that was more painful than a visit to the dentist and in the end they didn’t refund me the money. Stopped buying big ticket items on chase cards.
Because they can since there is no rule of law for them to adhere to.
They will not learn unless consumers take them to court for substantial damages which really hurts their bottom line. If they have to pay substantial cash to each and every affected customer then only they will do something about it.
Till then they will keep getting away with slap on the wrist.