The shares of Cathay Pacific Airways Ltd (0293.HK) dropped more than 6 percent on Thursday to nine years after data…
The shares of Cathay Pacific Airways Ltd (0293.HK) dropped more than 6 percent on Thursday to nine years after data from approximately 9.4 million passengers in Cathay and its unit, Hong Kong Dragon Airlines Ltd, had been
Cathay said late on Wednesday that in addition to 860,000 passport numbers and approximately 245,000 Hong Kong identity card numbers, the hackers had access to 403 credit card numbers and 27 credit card numbers without card verification value (CVV).
The company said it originally discovered suspicious activity on its network in March 2018 and investigations in early May confirmed that certain personal data had become available.
Hong Kong’s Civil Service Commission on Thursday expressed serious concern about data protection and urged airlines to inform passengers who were affected by the leak as soon as possible and explain details immediately.
The shares in Cathay Pacific beat ten percent on Thursday to HK $ 9.95, their lowest in nine years. This was compared with a fall of 2 percent for the reference number Hang Seng Index (.HSI).
It was not immediately clear who was behind the data crash or what the information could be used for.
Cathay said that Hong Kong’s police had been notified of the violation and that there was no evidence that personal data had been abused.
Data protection comes when the airline undergoes a turnaround aimed at lowering costs and increasing revenues after year-end losses, to make it better to compete against rivals from the Middle East, mainland and budget airlines.
In August, Cathay Pacific released a narrower half-year loss of a strong increase in airline and shipping prices and flagged expectations for a better second half despite economic advances from increasing trade tensions between the US and China.
The hack also comes more than a month after British Airways apologized for credit card information about hundreds of thousands of customers over a two week period in an attack on its website and app.
[ReportingbyAnneMarieRoantreeandDonnyKwok; Editing by Richard Pullin)