Unpacking the Cathay Pacific Data Hack for Enterprises

Unpacking the Cathay Pacific Data Hack for Enterprises

Note: Picture does not depict Cathay Pacific airplane

Late in the evening yesterday, Hong-Kong based Cathay Pacific Airways, Ltd. publically disclosed they suffered a data hack exposing the personal information of 9.4 million customers.

Here’s what we know:

  • The Cathay Pacific hack is the largest hack on an aviation company in history.
  • In the wake of the announcement, the company lost $201 million off its market value. Its stock value fell dramatically.  
  • The information exposed in the breach included names, nationalities, telephone numbers, email addresses, and physical addresses.
  • About 860,000 passports were exposed.
  • Reportedly, flight safety and passwords were not compromised.
  • Cathay Pacific first became aware of suspicious network activity in March.
  • They internally confirmed the breach in May.

Some experts speculate the delay in disclosing the breach related to the airline attempting to close the security gap responsible.    

At time of writing it is unclear what, if any, response the Hong Kong government will have to the breach or if it will impose any liabilities or fines on Cathay Pacific. Stephen Kai-yi Wong, Hong Kong’s Privacy Commissioner, did express “serious concern” about it.

Also unclear from our research is how the breach occured—what security weaknesses or cyber attack caused the hack in the first place. All that has been confirmed so far has been a single tweet from the airline: “We have discovered unauthorized access to some of our passenger data.”

Rupert Hogg, CEO of Cathay Pacific, said in a statement: “We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures.”

What Can Enterprises Learn From the Cathay Pacific Breach?

  • There are real financial penalties for your enterprise suffering a data breach, even if you are not directly fined because of it.
  • Waiting to publically disclose the breach or investigate it can create more panic and confusion among customers and regulators.
  • Consumers and clients alike are not becoming inured to data breaches. Hacks can still create business difficulties even in the modern era.  

Other Resources from Solution Review: 

The 10 Coolest SIEM and Security Analytics CEO Leaders

5 Tips for Setting Up a Security Operations Center (SOC)

Get Your Employees to Embrace SIEM Best Practices!

4 Tips to Make Data Breach Detection Easier For Your Enterprise

Enterprises: Don’t Become Complacent in Your Cybersecurity!

How to Make Your SIEM Solution Deployment Easier for Your Enterprise

Comparing the Top SIEM Vendors — Solutions Review

   

Ben Canner

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner

Leave a Reply

Your email address will not be published. Required fields are marked *