Cathay Pacific Could Be Facing A USD 500 Million Fine Under The European GDPR

Hong Kong’s flagship carrier announced it had discovered unauthorised access to passenger data, including passengers’ names, nationalities, dates of birth, telephone numbers, emails, physical addresses, passport numbers, Hong Kong identity card numbers, frequent flier programme membership numbers, customer service remarks and travel history. The suspicious activity was detected in March and an investigation confirmed unauthorised access early May, which makes the disclosure timing questionable. Indeed, while the Office of the Privacy Commissioner for Personal Data only encourages notification of data breaches through a non-binding guidance, the GDPR sets a mandatory 72 hours deadline for reporting data breaches to Data Protection Authorities after the breach is confirmed.

According to the GDPR extra-territorial effects, Cathay Pacific is facing a fine that is tremendously greater than what is allowed by the local law.

DATA BREACH CASES ON THE RISE IN ASIA, ESPECIALLY IN CHINA

Just last August, one of the largest data leakage in China occurred, hitting Huazhu Hotels Group, which owns more than 10 hotel brands and manages more than 3,800 hotels across 382 mainland cities. The breach involves 130 million hotel clients and was discovered because of a post on a dark web forum, where clients’ personal data and booking information were on sale for a few bitcoins.

In June 2018, Klook, the Hong Kong-based travel booking platform, suffered a data breach incident. Based on the company statement the incident was the result of a malicious JavaScript code associated with a third-party web-based analytics tool, SOCIAPlus, leaking personal information including credit card details According to Klook, around 8% of user may have been affected.

Last May, Meituan Dianping, the Chinese internet giant, which includes food delivery and e-commerce platforms, launched an investigation regarding a potential data breach that could expose private information of thousands of users, such as names, mobile phones and home addresses.

DATA LOSS / LEAKAGE PREVENTION MEASURES TO FOSTER CYBERSECURITY

According to the Breach Level Index website, more than 3 billion data records were leaked or compromised in the first half of 2018, a 72% increase compared to H1 2017. The main cause for data leaks is external attacks by malicious outsiders, which represents 56% of cases for H1 2018. Accidental loss is the second source of data breaches, with 34% of cases in the same period.

With increasing data leakage cases, data protection is among the key priorities for companies. Data Leakage Prevention (DLP) programs should be at the top of Chief Information Security Officers’ agenda. The program should be shaped according to the 3 main pillars of Data Protection: