HONG KONG (Reuters) – Hong Kong’s privacy commissioner will launch a compliance investigation into Cathay Pacific Airways <0293.HK> more than a data breach involving 9.4 million passengers, saying the carrier can have violated privacy rules.
The airline has faced criticism to the seven-month delay within the October revelation of the breach inside data, not wearing running shoes said were being accessed without authorization, following suspicious activity included in the network in March.
“You will discover reasonable grounds to trust could possibly be a contravention of any requirement beneath the law,” Hong Kong’s Privacy Commissioner for private Data, Stephen Wong, said in a very statement.
“The compliance investigation might examine in detail, a few, the protection measures taken by Cathay Pacific in order to safeguard its customers’ information that is personal plus the airline’s data retention policy and workout,” he added.
It will cover Cathay’s fully owned subsidiary, Hong Kong Dragon Airlines Ltd, or Dragon Air, many of whose passengers were afflicted with the breach.
A Cathay Pacific spokeswoman said within a email to Reuters the airline was going through the statement and would “continue to cooperate fully while using authorities.”
The privacy watchdog said hello had received 89 complaints in connection with the cyber leak.
In addition for 860,000 passport numbers contributing to 245,000 Hong Kong identity card numbers, the hackers accessed 403 expired credit-based card numbers and 27 credit-based card numbers without card verification value (CVV), Cathay said.
It has not been immediately clear who was behind the individual data breach or the information may be used for, but Cathay said there was no evidence so far that any sensitive information were being misused.
Under Hong Kong law, the privacy commissioner can call witnesses, enter premises and hold public hearings while in the investigation, that could discover Cathay violated any element of the individual Data (Privacy) Ordinance.
The controversy has spurred calls from politicians and privacy advocates for Hong Kong to revamp its laws to help make the reporting of those potential data breaches mandatory.
Cathay’s share price initially plunged for its lowest since June 2009 after the scandal but has rebounded and recovered its losses. The stocks were up 1.7 percent on Tuesday afternoon.
The data breach comes amid an airline turnaround to trim down costs and boost revenue, after back-to-back a great deal of losses, so that it will better tackle rivals with the Middle East, mainland China and budget airlines.
In August, Cathay Pacific posted a narrower half-year loss with a strong rise in airfares and cargo rates and flagged expectations for that better loved one, despite economic headwinds from mounting U.S.-China trade tension.
(Reporting by Hong Kong newsroom and Donny Kwok; Editing by Clarence Fernandez)