The personal data of over 100,000 Filipinos, including passport and credit card information, were compromised in a data breach at Cathay Pacific Airways last March. According to a report by the National Privacy Commission (NPC) data breach was confirmed only on last May and news of the Filipinos becoming affected was only announced on late October.
Up to 9.4 million passengers of the airline were affected by the data leak and data like passport numbers, identity card numbers, email addresses, and credit card details were exposed.
According to Cathay Pacific’s report to NPC, about 102,209 Filipinos had their data compromised, with about 5,700 passport numbers and 144 credit card numbers from the Philippines being accessed to.
However, the airline assured NPC that no travel or loyalty profile were fully accessed and that no passwords were compromised.
Cathay also announced that it had launched an investigation and alerted the police regarding the matter. NPC has since ordered the airline to “explain the remediation measures taken following a data breach in a mandatory report.”
“On the face of the report, Cathay’s measures that have ‘enhanced the security and monitoring with its environment’ and ‘working with [Mandiant], as well as other cybersecurity experts, to implement measures to prevent future unauthorized access to its systems and databases, as well as further enhance its IT security generally’ does not meet required specificity required of notifications to this Commission,” the NPC said.