Our data breach attorneys are investigating allegations that Cathay Pacific Airways failed to adequately secure its customers’ data, resulting in a data breach affecting 9.4 million customers of both Cathay Pacific and subsidiary Hong Kong Dragon Airlines. Some are already wondering if the hack will lead to a Cathay Pacific data breach lawsuit.
Forbes reports that the hack affected the following Cathay Pacific and Dragon passenger-data: passenger name, password number, identity card and frequent flyer program numbers, data of birth, nationality, email address, phone number, communications with Cathay customer service, and records of all flights the passenger had taken.
Reuters: Cathay Pacific Knew about the Data Breach Since March 2018
Reuters reports that Cathay Pacific first learned that their systems had been hacked in March 2018. “Consumers that were compromised went almost 6 months before knowing their information was exposed,” says Rusty Carter, VP of Arxan Technologies, an information security company.
Cathay: Only 860,000 Passport Numbers Exposed
According to Cathay Pacific Airways, only 860,000 passengers had their passport numbers stolen by the hackers. Cathay assured customers, “No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised.” According to Forbes, Cathay Pacific is assuring passengers that its IT systems for flight controls are safe, even though its systems for storing customer information were hacked.
Forbes notes how serious it is to have your passport number stolen, noting that hackers and scammers may be “building sophisticated, comprehensive dossiers on these victims, which go far beyond credit card information potentially exposing them to tax frauds or identity theft.”
Cathay Pacific Sending Data Breach Notifications to Affected Customers
According to Cathay’s data breach notification letter, it is individually notifying customers who had their information compromised by the hackers. Cathay says:
If you are an affected member of the Marco Polo Club, Asia Miles or a Registered User, you will be contacted individually in the coming days. In that communication, we will tell you which specific types of personal information about you may have been accessed.
Cathay Decides to Offer Credit Monitoring Through Experian
Bloomberg reports that Cathay Pacific has decided to offer affected customers a monitoring service for tracking identity theft, offered by Experian. Bloomberg points out that Experian had its own data breach in 2015, when hackers acquired access to an Experian server housing information on 15 million individuals, who were current or former customers of T-Mobile.
Cathay declined to comment when asked about Experian’s 2015 data breach, according to Bloomberg.
Our Data Breach Experience
Our attorneys served in a court-appointed leadership role in the Anthem data breach class action, and helped achieve a $115 million settlement for victims of the Anthem data breach. The settlement received final approval from the court in August 2018.
Our data breach lawyers also currently serve in court-appointed leadership positions in the Equifax data breach lawsuit, Banner Health data breach lawsuit, and Excellus Health data breach lawsuit.
We’ve also achieved landmark results in our past data breach cases, including the Adobe data breach litigation, UCSF data breach lawsuit, and Health Net of California data breach litigation.