top of page

Cathay Pacific Data Breach Saga

In our introductory article presenting Cybersecurity360 in our website and our social media account, we mentioned the data breach in Cathay Pacific, the premier airline in Hong Kong. The breach was announced on 24th October 2018 by Cathay Pacific even though the hacking happened few months before.

When Cathay announced the breach, the Hong Kong authorities announced that they are looking into the matter and will be liaising with the airline to determine the extent and cause of the breach. To date, there is no updates yet either from Cathay Pacific or the authorities as to the progress of their investigation. On a similar note, the same applies to British Airways who earlier in 2018 announced that they also suffered a data breach and are investigating into it. Until to date, there have been no progress report from British Airways as to the status of their investigation.

On 2nd January 2019, the ticketing system of Cathay Pacific apparently went haywire for a few hours that resulted in the airline advertising and selling First and Business Class tickets departing from Vietnam to cities in the US for a fraction of their original prices. Cathay came out and announced that it was a glitch in their IT system that caused the error but they will honour all the tickets sold.

On 14 January 2019, 12 days later, Cathay again suffered the same glitch advertising and selling First And Business class tickets to European cities for a tenth of their original prices. This time, an official spokesperson from Cathay said it was an input issue and they are looking into the glitch internally and externally with their vendors. Both these blunders is expected to costs Cathay Pacific millions in lost revenues. Luckily the airline agreed to make good on the error or it could have costs more damages and untold millions in trying to repair and restore their image and reputation.

These errors happening in so short a time is unprecedented. Is there something more than meets the eye?

Was the hacking announced in October 2018 got anything to do with these two recent events?

What mitigation measures were implemented by Cathay pursuant and in response to the breach announced in October last year? The public and their passengers whose details were leaked during the breach would love to know.

Is this the beginning of more troubles for Cathay Pacific as a result of the breach in 2018?

Are the shareholders - especially those institutional investors who held chunks of shares in Cathay going to demand for heads to roll and or sue Cathay for damages arising from the breach that caused the airline to lose untold millions thereby diminishing the value of their investments?

There are a lot of unanswered questions currently, pertaining to these three events that happened so close to each other within a short space of time. Would we get to see more stories or incidents unfolding in the next few months on this matter that started with the announcement of the breach in October 2018?

Stay tuned. We will keep everyone updated as and when news emerged on this saga.


bottom of page