Hong Kong’s privacy commissioner will Establish a compliance Evaluation to Cathay Pacific Airways Within a data breach involving 9.4 million passengers, saying the carrier may have violated privacy Regulations.
The airline has faced criticism for the seven-month delay in its October revelation of the breach in the data, which it said was accessed without authorisation, after questionable activity in its own network in March.
“There are reasonable grounds to believe there might be a contravention of a requirement under the law,” Hong Kong’s Privacy Commissioner for Personal Data, Stephen Wong, said in a statement.
“The compliance analysis will examine in detail, amongst others, the security measures taken by Cathay Pacific to protect its clients’ private data along with the airline’s data retention policy and practice,” he added.
It is going to also insure Cathay’s fully owned subsidiary, Hong Kong Dragon Airlines Ltd, or Dragon Air, some of whose passengers were influenced by the breach.
A Cathay Pacific spokeswoman said in an email to Reuters that the airline had been studying the statement would”continue to cooperate fully with the authorities.”
The privacy watchdog said it had obtained 89 complaints related to the cyber leak.
Along with 860,000 passport numbers and roughly 245,000 Hong Kong identity card numbers, the hackers obtained 403 died credit card numbers and 27 credit card numbers with no card verification value (CVV), Cathay explained.
It wasn’t immediately clear who was behind the private data breach or what the data might be used for, but Cathay stated there was no evidence that any private information was misused.
Under Hong Kong law, the privacy commissioner could call witnesses, enter premises and hold public hearings in the analysis, which will check whether Cathay violated any requirement of the Personal Data (Privacy) Ordinance.
The controversy has spurred calls from politicians and privacy advocates for Hong Kong to revamp its own laws to create the coverage of these possible data breaches required.
Cathay’s share price originally dropped to the lowest since June 2009 after the scandal but has rebounded and regained all its losses. The stocks were up 1.7 percent on Tuesday afternoon.
The information breach comes amid a airline turnaround to lower costs and increase revenue, after devoting years of declines, in order to better compete with rivals from the Middle East, mainland China and budget airlines.
Back in August, Cathay Pacific posted a narrower half-year reduction on a strong rise in airfares and freight prices and flagged expectations for a much better second half, even though economic headwinds from mounting U.S.-China trade tension.