Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Cathay Apologizes Over Data Breach but Denies Cover-up

The top two executives at Hong Kong carrier Cathay Pacific on Wednesday apologized for the firm’s handling of the world’s biggest airline hack that saw millions of customers’ data breached but denied trying to cover it up.

The top two executives at Hong Kong carrier Cathay Pacific on Wednesday apologized for the firm’s handling of the world’s biggest airline hack that saw millions of customers’ data breached but denied trying to cover it up.

The CEO and chairman also said the crisis “was one of the most serious” in the embattled firm’s history and would act differently in a similar situation in future.

The pair were summoned to the city’s legislative council to explain to lawmakers why it had taken five months to admit it had been hacked and the data of 9.4 million customers compromised, including passport numbers and credit card details.

Lawmakers slammed the delay as a “blatant attempt” to cover up the incident and thereby deprive customers of months of opportunities to take steps to safeguard their personal data.

However, chairman John Slosar said: “I’d like to make it absolutely clear that there was never any attempt to cover anything up.”

He added: “I see it as one of the most serious crises that our airline has ever faced.”

Earlier he had read a statement to LegCo in which he said: “I must personally apologise directly to you and the people of Hong Kong.”

It emerged this week that the breach was the result of a sustained cyber attack for three months.

Advertisement. Scroll to continue reading.

The airline had discovered suspicious activity on its network in March and confirmed unauthorised access to certain personal data in early May but did not make it public until October 24.

CEO Rupert Hogg explained the company needed time to establish the nature of attacks, contain the problem and identify stolen data, but said it “did regret the length of time” it took.

“We’ve learnt a lot of lessons from trying to do what we believe was right, which was to get accurate information about our customers, make sure that we knew what information pertained to them. We would do it a different way tomorrow indeed,” Hogg said.

When pressed by lawmaker Kwok Ka-ki on whether Cathay would report to its customers immediately if there was another leak, Slosar said: “We will report instantly, yes.”

Slosar also told lawmakers that the data breach issue was of great public interest but the information was not material or price sensitive.

The airline has contacted the customers affected.

The firm is already battling to stem major losses as it comes under pressure from lower-cost Chinese carriers and Middle East rivals.

It booked its first back-to-back annual loss in its seven-decade history in March and has previously pledged to cut 600 staff including a quarter of its management as part of its biggest overhaul in years.

Hong Kong-listed shares in the firm ended up 2.25 percent at HK$10.90.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

DARPA veteran Dan Kaufman has joined Badge as SVP, AI and Cybersecurity.

Kelly Shortridge has been promoted to VP of Security Products at Fastly.

After the passing of Amit Yoran, Tenable has appointed Steve Vintz and Mark Thurmond as co-CEOs.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.