You have turned off cookies for this site. Please enable cookies for a better browsing experience.
Please upgrade your web browser
You are using an unsupported browser. See our supported browsers to enjoy the very best experience of our site.

Data security event

Latest update: 6 June 2019 23:55 HKT (GMT+8)

Update from Cathay Pacific:

We would once again like to express our great regret and to sincerely apologize for the incident.

We have co-operated closely with the PCPD and the relevant authorities in their investigations.

We have already taken a series of decisive measures to further enhance our IT security in the areas of data governance, network security, access control, education and awareness of our people, and incident response agility.

We have spent substantial amounts on IT infrastructure and security over the past three years and investments in this area will continue.

We have also enhanced our security team resources whose expertise is complemented by leading external cyber security experts.

These measures have improved our overall security and we believe they will help us prevent further unauthorized access to our systems.

However, we are aware that in today’s world, as the sophistication of cyber attackers continues to increase, we need to and will continue to invest in and evolve our IT security systems.

While our investigation reveals that there is no evidence of any personal data being misused to date, ID monitoring services continue to be available to affected passengers and stand ready to support our customers.

We will continue to co-operate with the PCPD to demonstrate our compliance and our ongoing commitment to protecting personal data.

On 24 October 2018, we informed the authorities of unauthorised access to some of our passenger data. Between 25 October and early November, we notified affected passengers via an individualised email or letter, which told each person the specific details of their accessed personal data.

We apologise for any concern that the data security event may have caused, and would like to reassure our customers that the systems affected were totally separate from our flight operations systems, and there was no impact on flight safety.

If you believe you have been affected, please register your enquiry with us or email infosecurity@cathaypacific.com.

Please note:

We are aware that attempted phishing is taking place, and would like to remind people that emails related to this data security event will only be sent from infosecurity@cathaypacific.com.  If you are setting up optional ID monitoring, the website address to enter your activation code is https://www.globalidworks.com/identity1.  Please do not click on any variations of this link.

Official emails relating to this data security event will be sent from an address with the format infosecurity@cathaypacific.com.

With regard to this data security event, we will never request your personal or financial information, and we will never ask for your password.

If you are concerned about an email, we recommend that you don’t click on any links, open any attachments or reply to it.

What to do if you believe you have been affected

If you are a member of the Marco Polo Club, Asia Miles or a Registered Account holder and if you have been affected by this event, we contacted you individually between 25 October and early November 2018.  We are very sorry for the concern that this may have caused you.

If you believe you may have been affected and you haven’t heard from us already, please register your enquiry with us or email infosecurity@cathaypacific.com..

The following personal data was accessed: passenger name; nationality; date of birth; phone number; email; address; passport number; identity card number; frequent flyer programme membership number; customer service remarks and historical travel information.

In addition, 403 expired credit card numbers were accessed.  27 credit card numbers with no CVV were accessed.

The combination of data accessed varies for each affected passenger.

No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised. 

If you are an affected member of the Marco Polo Club, Asia Miles or a Registered Account holder, we contacted you individually between 25 October and early November 2018. In that communication, we told you which specific types of personal information about you had been accessed.

If you haven’t been contacted already, please register your enquiry with us or email infosecurity@cathaypacific.com.

We are very sorry for any concern that this may cause you.

We have no evidence that any personal information has been misused. However, in an abundance of caution, we took the decision to notify everyone we believe may have been affected.

Where possible, we are offering ID monitoring services to affected passengers. This service monitors if your personal data may be available on public websites, chat rooms, blogs, and non-public places on the internet where data can be compromised such as dark web sites.

If you are an affected member of the Marco Polo Club, Asia Miles or a Registered Account holder, we contacted you individually with relevant information between 25 October and early November 2018.

Although no-one’s travel or loyalty profile was accessed in full and no passwords were compromised, as best practice, we recommend that you consider:

  • Changing your passwords regularly
  • Checking for any suspicious activity
  • Being vigilant against phishing or other attempted scams

 

403 expired credit card numbers and 27 credit card numbers with no CVV were accessed, and between 25 October and early November 2018 we contacted individually those passengers whose credit card information was accessed.  We have no evidence that any personal information has been misused.

We have no evidence that any personal information has been misused.

No-one’s loyalty profile was accessed in full and no passwords were compromised.

If you have detected irregular activity in your Marco Polo Club or Asia Miles account, please contact member services of Marco Polo Club or Asia Miles.

In an abundance of caution and as best practice, we recommend you to

  • Change your passwords regularly
  • Check for any suspicious activity and
  • Stay vigilant against phishing or other attempted scams

If your credit card information was accessed in this event, you will be contacted directly.

If you have been contacted directly, we recommend you contact your bank or credit card company to seek their advice.

If you believe you have been a victim of financial fraud, as always, you should contact your bank or your credit card company.

Although no-one’s travel or loyalty profile was accessed in full and no passwords were compromised, as best practice, we recommend that you consider:

  • Changing your passwords regularly
  • Checking for any suspicious activity
  • Being vigilant against phishing or other attempted scams

Where possible, we are offering ID monitoring services to affected passengers. This service monitors if your personal data may be available on public websites, chat rooms, blogs, and non-public places on the internet where data can be compromised such as dark web sites.

If you are an affected member of the Marco Polo Club, Asia Miles or a Registered User, we contacted you individually between 25 October and early November 2018 with relevant information.

We have no evidence that any personal information has been misused. However, in an abundance of caution, we took the decision to notify everyone we believe may have been affected.

If you are an affected member of the Marco Polo Club, Asia Miles or a Registered Account holder, we contacted you individually between 25 October and early November 2018 with relevant information.

Where possible, we are offering ID monitoring services to affected passengers.  This service monitors if your personal data may be available on public websites, chat rooms, blogs, and non-public places on the internet where data can be compromised such as dark web sites.

No. The IT systems affected were totally separate from our reservation and flight operations systems. You can check your booking with us on cathaypacific.com or contact your travel agent.

The safety and security of our passengers remains our top priority, and we want to reassure you that we took and continue to take measures to enhance our IT security.

The event impacted only a very small number of valid credit card numbers with no CVV, and the IT systems affected were totally separate from our reservation systems.

If your credit card information was accessed in this event, you have been contacted directly between 25 October and early November 2018.

If you have been contacted directly, we recommend you contact your bank or credit card company to seek their advice.

As best practice, we also recommend that you check for any suspicious activity on a regular basis.

If your credit card information was accessed in this event, you have been contacted directly between 25 October and early November 2018.

If you have been contacted directly, we recommend you contact your bank or credit card company to seek their advice.

The event impacted only a very small number of valid credit card numbers with no CVV.

We have no evidence that any personal information has been misused.

If your credit card information was accessed in this event, you have been contacted directly between 25 October and early November 2018.

If you have been contacted directly, we recommend you contact your bank or credit card company to seek their advice.

Where possible, we are offering ID monitoring services to affected passengers, and we recommend that you enrol in these services if available.

If you are an affected member of the Marco Polo Club, Asia Miles or a Registered Account holder, we contacted you individually with relevant information between 25 October and early November 2018.

  • This notice is written in English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this notice, the English version shall prevail.
  • Asia Miles is owned by, and provided to members by Cathay Pacific Airways Limited, and is managed and operated by Asia Miles Limited, a wholly owned subsidiary of Cathay Pacific Airways Limited, as an agent of Cathay Pacific Airways Limited.
  • Hong Kong Dragon Airlines Limited is a wholly owned subsidiary of Cathay Pacific Airways Limited and Cathay Pacific Airways Limited manages and provides IT support services to Hong Kong Dragon Airlines Limited.

 

Language - English     繁體中文     简体中文