Cathay Pacific Airways Ltd. has enlisted a company that was itself once caught up in a hacking scandal to help deal with the fallout of a data breach that affected more than 9 million passengers.
Asia’s biggest international carrier is offering customers hit by the hack – which saw passport details to emails illegally accessed – the option to take up a service provided by Experian Plc to monitor whether their information is being misused online.
But the Nottingham, England- based credit-tracking firm had its own experience with hacking in 2015, when a breach saw the data of 15 million subscribers of T-Mobile US Inc. held on Experian’s servers exposed. The company was sued over the incident, along with the telecommunications provider.
Cathay has lost more than USD320 million in market value since news of the hack broke, as investors and customers question the company’s handling of the situation. The airline, which said it first discovered the breach in March and confirmed it in May, didn’t disclose it until Oct. 24, in a late-night statement to the Hong Kong stock exchange.
When queried on Experian’s history by Bloomberg News, Cathay declined to comment. The airline said the time taken to disclose the breach was mainly due to the complexity of the data, and because the event required considerable investigation. “We are focused now on assisting affected customers.”
The airline is just the latest company to have its data hacked, with Facebook Inc., and fellow air carriers British Airways Plc and Delta Air Lines Inc. all targeted over the past year. While firms have spent millions of dollars on sophisticated tools to shield their computer networks from attack, data security has become increasingly challenging. Hackers are on the rise, with many stealing troves of personal data that can be sold on the black market and used to carry out financial crimes.
Experian helps track stolen data, when it shows up on websites, chat rooms, blogs or for sale in corners of the internet, often known as dark websites. It is entirely up to the user to decide how much information they want to share if they choose to subscribe to the one-
year, free service, Cathay said in emails to affected passengers offering the service.
The security of customer data is “top priority,” and Experian aims to provide protection and assistance to those affected, Sisca Margaretta, the company’s Singapore-based chief marketing officer for Asia Pacific, said in an email. Referring to the past incidents, she said Experian’s consumer credit database was not accessed and no payment card or banking information was obtained.
“We actively monitor our systems and are continually updating our security protocols to protect data stored on our systems,” she said.
Laura Gabriela Politis, 36, a Cathay Pacific customer, said she isn’t sure she’d take up the offer to use the Experian service.
“That company has [had] a data breach themselves – and they’re asking for more information when your data has been compromised,” said the Hong Kong-based traveler, who often flies to Singapore, the U.S. and Europe both for business and on vacation. “I still don’t understand why it took them months to let us know.”
The information accessed in the Cathay hack included names, nationalities, dates of birth, phone numbers, emails, physical addresses, numbers for passports, identity cards and frequent-flier programs, as well as historical travel information. Flight safety wasn’t compromised and there was no evidence any information has been misused, Cathay said, without revealing details of the origin of the attack.
Hong Kong’s government said Friday it is “highly concerned” about the incident and has asked the airline to “fully cooperate” with the Privacy Commissioner for Personal Data on a compliance check.
The delay in disclosing the breach could expose Cathay to lawsuits, said Robert Braun, a partner at Jeffer Mangels Butler & Mitchell LLP in Los Angeles and co-chair of the firm’s cybersecurity and privacy group.
“That’s always a problem when you have that kind of delay,” he said. “That means the information is out in the wild and people aren’t aware they can take steps to protect it.” Bruce Einhorn, Kyunghee Park and Jinshan Hong, Bloomberg
On the deep web there are also lots of legal sites, that for some reasons want to remain anonymous… well I think nothing you cannot already find on the normal web, but one can always go surfing the deep web by curiosity. At the end, everyone says that the deep web is much bigger than the “known web”, so probably a lot of people are fascinated by this fact, and are more and more curious to take a look at the deep web. As one simply surfs the deep web without watching pedopornography, buying illegal things and doing other illegal things, he can satisfy his curiosity… however yes, I agree to the fact that we shoud not do anything of particular on the deep we: if someone is curious, after he has satisfied his curiosity, I think he can forget about the deep web and not go there anymore!
I like what you guys are up too. Such smart work and reporting! Carry on the excellent works guys I’ve incorporated you guys to my blogroll. I think it will improve the value of my web site :).
Like so many other people in here I too had no idea that there was A world called Darknet.
It would not be of any benefit to me to even go there as i find the regular net troublesom enough.
However I do thank you for the article on this matter and it did make interesting read.