Late in the evening yesterday, Hong-Kong based Cathay Pacific Airways, Ltd. publically disclosed they suffered a data hack exposing the personal information of 9.4 million customers.
Here’s what we know:
- The Cathay Pacific hack is the largest hack on an aviation company in history.
- In the wake of the announcement, the company lost $201 million off its market value. Its stock value fell dramatically.
- The information exposed in the breach included names, nationalities, telephone numbers, email addresses, and physical addresses.
- About 860,000 passports were exposed.
- Reportedly, flight safety and passwords were not compromised.
- Cathay Pacific first became aware of suspicious network activity in March.
- They internally confirmed the breach in May.
Some experts speculate the delay in disclosing the breach related to the airline attempting to close the security gap responsible.
At time of writing it is unclear what, if any, response the Hong Kong government will have to the breach or if it will impose any liabilities or fines on Cathay Pacific. Stephen Kai-yi Wong, Hong Kong’s Privacy Commissioner, did express “serious concern” about it.
Also unclear from our research is how the breach occured—what security weaknesses or cyber attack caused the hack in the first place. All that has been confirmed so far has been a single tweet from the airline: “We have discovered unauthorized access to some of our passenger data.”
Rupert Hogg, CEO of Cathay Pacific, said in a statement: “We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures.”
What Can Enterprises Learn From the Cathay Pacific Breach?
- There are real financial penalties for your enterprise suffering a data breach, even if you are not directly fined because of it.
- Waiting to publically disclose the breach or investigate it can create more panic and confusion among customers and regulators.
- Consumers and clients alike are not becoming inured to data breaches. Hacks can still create business difficulties even in the modern era.
Other Resources from Solution Review:
Latest posts by Ben Canner (see all)
- Key Findings: 2020 Gartner Peer Insights Customers’ Choice for Security Information Event Management (SIEM) - July 10, 2020
- 2020 Vendors to Know: SOAR - July 8, 2020
- Should We Move to a New Definition of SIEM? - July 6, 2020