Firm once sued for data breach to assist Cathay


Cathay Pacific Airways Ltd. has enlisted a company that was itself once caught up in a hacking scandal to help deal with the fallout of a data breach that affected more than 9 million passengers. Asia’s biggest international carrier is offering customers hit by the hack — which saw passport details to emails illegally accessed — the option to take up a service provided by Experian Plc to monitor whether their information is being misused online.
But the Nottingham, England-based credit-tracking firm had its own experience with hacking in 2015, when a breach saw the data of 15 million subscribers of T-Mobile US Inc. held on Experian’s servers exposed. The company was sued over the incident, along with the teleco- mmunications provider.
Cathay has lost more than $320 million in market value since news of the hack broke, as investors and customers question the company’s handling of the situation. The airline, which said it first disco- vered the breach in March and confirmed it in May, didn’t disclose it until October 24, in a late-night statement to the Hong Kong stock exchange.
When queried on Experian’s history by Bloomberg News, Cathay declined to comment. The airline said the time taken to disclose the breach was mainly due to the complexity of the data, and because the event required considerable investigation. “We are focussed now on assisting affected customers.”
The airline is just the latest company to have its data hacked, with Facebook Inc., and fellow air carriers British Airways Plc and Delta Air Lines Inc. all targeted over the past year. While firms have spent millions of dollars on sophisticated tools to shield their computer networks from attack, data security has become increasingly challenging. Hackers are on the rise, with many stealing troves of personal data that can be sold on the black market and used to carry out financial crimes.
Experian helps track stolen data, when it shows up on websites, chat rooms, blogs or for sale in corners of the internet, often known as dark websites. It is entirely up to the user to decide how much information they want to share if they choose to subscribe to the one-year, free service, Cathay said in emails to affected passengers offering the service.
The security of customer data is “top priority,” and Experian aims to provide protection and assistance to those affected, Margaretta, company’s Singapore-based chief marketing officer for Asia Pacific, said in an email. Referring to the past incidents, she said Experian’s consumer credit database was not accessed and no payment card or banking information was obtained.
“We actively monitor our systems and are continually updating our security protocols to protect data stored on our systems,” she said. Laura Gabriela Politis, 36, a Cathay Pacific customer, said she isn’t sure she’d take up the offer to use the Experian service.

Leave a Reply

Send this to a friend