Oops.


Freehills
25th Oct 2018, 00:31
http://www.hkexnews.hk/listedco/listconews/sehk/2018/1024/LTN20181024757.pdf



Cathay Pacific Airways Limited (the "Company") has discovered unauthorised access to some of its passenger data and that of its wholly owned subsidiary, Hong Kong Dragon Airlines Limited. The Company is aware that the passenger data of approximately 9.4 million people has been accessed. The Company has no evidence that any personal information has been misused. The information systems affected were separate from the Company’s flight operations systems. There is no impact on flight safety.



The types of personal data accessed were the names of passengers, their nationalities, dates of birth, telephone numbers, email, physical addresses, passport numbers, identity card numbers, frequent flyer programme membership numbers, customer service remarks and historical travel information.

Captain Dart
25th Oct 2018, 02:00
It's made the press in Australia:

https://www.9news.com.au/2018/10/25/10/16/ten-million-cathay-pacific-passengers-affected-in-cyberattack

Betsy
25th Oct 2018, 02:42
Share price has fallen over 6% amid a HK$4b fine by the EU for not meeting the General Data Protection Regulations where companies must report such incidents within 72 hrs.

TTW!!!

Freehills
25th Oct 2018, 02:56
That would surprise me (the fine) - the EU law didn't come into place until end May this year

main_dog
25th Oct 2018, 02:58
HK$4b fine

Don’t worry, our 13th month should cover that :*

BubbaJ
25th Oct 2018, 03:07
Years of not playing catch up IT departments a shambles, FOP department a shambles, staff morale a shambles, recruitment a shambles, HAECO maintenance a shambles, resignation rates skyrocketing.

CX Management you need to take a good look in the mirror
Will someone stand up play with the big boys and start running this airline!!

This is embarrassing I no longer wear a CX uniform with pride :-(

rustyoldtin
25th Oct 2018, 03:10
The rot in this company is setting in...

lessonlearnt
25th Oct 2018, 04:43
Let me guess....probably they are going to receive a fine of some sort (maybe even taken to court ....again) and the pilots don't get any increase, RP's are not in place, no 13th month last year and probably this year, ARAPA on the table, no HKPA increase

BUT our fantastic AOA are telling us that we have not lost anything???? DS are you kidding me? Are you or your group of idiots on the GC going to pay me loss of income because of all your useless negotiations and my loss of upgrade dates etc? Or not accepting that call to earn overtime???

Whatever the GC will produce to its members you better think it's worth the deal!!!!!!!!!
If it's not better than TA16 I will be voting NO!!!!!!!! and get DS kicked off this GC, we don't need a jellyfish running our AOA.

unitedabx
25th Oct 2018, 05:15
1 year ago BA outsourced its IT Division, sacking 95% of its home grown IT talent. A week after the last employee left, the BA IT systems started "acting up". Data breaches, lost reservations, FOP mis-matches and numerous viruses found!

Farman Biplane
25th Oct 2018, 05:16
Sounds like perfect timing to delay the announcement, leading to 13th month payment cancelled due impending fines/legal costs.
Et Voila!

unitedabx
25th Oct 2018, 05:33
Sounds like perfect timing to delay the announcement, leading to 13th month payment cancelled due impending fines/legal costs.
Et Voila!




BA paid out over GBP2 million in compensation when their IT system went tits up last year and it knocked 5% off their share value overnight.

Freehills
25th Oct 2018, 05:49
BA paid out over GBP2 million in compensation when their IT system went tits up last year and it knocked 5% off their share value overnight.

Cathay: Hold my beer. Anything BA can do, we can do better

drfaust
25th Oct 2018, 06:12
There truly seems to be no end in sight in this place. Given the size and cost of our IT department we should have the most advanced digital framework and solutions in the industry.

I guess the silver lining is that this time the company did not wilfully engage in illegal practises to earn the fine. This one seems to be just incompetence.

Always look on the bright side :}

OK4Wire
25th Oct 2018, 06:19
Lessonlearnt: don't tar the whole GC with the same DS brush. And you're welcome to join the GC, or perhaps run for DS's position.

kahaha
25th Oct 2018, 06:40
They probably hacked into FOP, saw the KA rosters and thought, f#^# this , those poor guys, nothing worth plundering 😂😂

India Four Two
25th Oct 2018, 07:48
Chief executive Rupert Hogg apologised and said there was "no evidence" the information had been misused.
https://www.bbc.com/news/business-45974020


Wonderful corporate PR weasel words! What he should have said was "We don't know if the information has been misused."

hyg
25th Oct 2018, 11:17
A senior executive was on a RTHK program this morning, his answer to what took so long to reveal was because they don’t want to cause unnecessary panic... :ugh::ugh:

pax britanica
25th Oct 2018, 12:02
From another industry but a good rule of thumb on outsourcing is never do it for anything business critical. In airlines IT is critical outsource it at your peril but as you seem to be suffering from the MBA management syndrome of as long as it looks good for the next two years I don't care you are not going to get any sensible management input on anything

Good luck-I always enjoyed travelling with you folk in the past and it is sad to see what's becoming of CX

Krone
25th Oct 2018, 12:29
A senior executive was on a RTHK program this morning, his answer to what took so long to reveal was because they don’t want to cause unnecessary panic... :ugh::ugh:

"We acted immediately to contain the event" Says Mr Hogg. 2-3 months ago, according to RTHK. Un-defendable incompetence.

Let's not forget, as per the internal memo, the details of all Flight crew and cabin crew IDs, photos, emails and personal addresses are included in the data breach.

A major security concern. Potentially, these Pilot and Cabin crew company security identity cards can now be copied and sold on to any terrorist organisation.

unitedabx
25th Oct 2018, 13:10
From another industry but a good rule of thumb on outsourcing is never do it for anything business critical. In airlines IT is critical outsource it at your peril but as you seem to be suffering from the MBA management syndrome of as long as it looks good for the next two years I don't care you are not going to get any sensible management input on anything

Good luck-I always enjoyed travelling with you folk in the past and it is sad to see what's becoming of CX

Thanks for your input from outside the box. Tell your friends and work colleagues CX is finished.

India Four Two
26th Oct 2018, 07:31
I have just received a personalized 1000 word email from Rupert, the gist of which is:

The following types of personal data about you were accessed:

Email Address
Name
Telephone Number
Title
Your travel or loyalty profile was not accessed in full, and your password was not compromised.


However, he prefaces that information with:
We are very sorry for any concern that this event may cause you...

That's alright then!

He closes with the usual platitude:
Your safety and security remains our top priority.


Yours sincerely,

Rupert Hogg
Chief Executive Officer
Cathay Pacific Airways Limited

Rupert,

If that is the case, how come you waited EIGHT MONTHS to tell me?

He also included a link to a website containing more information:

http://infosecurity.cathaypacific.com

humbleppl
26th Oct 2018, 09:13
"We acted immediately to contain the event" Says Mr Hogg. 2-3 months ago, according to RTHK. Un-defendable incompetence.

Let's not forget, as per the internal memo, the details of all Flight crew and cabin crew IDs, photos, emails and personal addresses are included in the data breach.

A major security concern. Potentially, these Pilot and Cabin crew company security identity cards can now be copied and sold on to any terrorist organisation.


Yes, the Hong Kong stock market acted immediately as well... big bashing overnight... what a public relations blunder... hiding such info from us for more than half a year and then telling us "we found no evidence that any data has been used", rather than assuring us that all is good and solved. Not doing so gives a clear statement: They know nothing about this hacking and know nothing what has happened to our confidential data. I am an affected passenger and have asked for personal and professional explanation and clarification, rather than these anonymous website and emails; for all we know this data fraud/hacking is still ongoing. Hogg's message is so NOT assuring that one MUST assume the very opposite of what he is stating.

cxorcist
26th Oct 2018, 14:04
Nothing short of a total and complete breach! CX has no idea what actually happened and does NOT care. All the information and its usage is at the discretion of the hacker(s). Don’t be fooled by empty CX platitudes...

Liam Gallagher
26th Oct 2018, 14:10
With all this negative press and a share price in freefall, I guess the last thing management would want is the pilots threatening disruption over Christmas and CNY. Perhaps that is what we should give them?:\,

Betsy
26th Oct 2018, 14:22
Good to know lawyers are ready to help.
https://cathaydatabreach.com/

Flex88
26th Oct 2018, 14:55
If I were a betting person, I would bet on a few things here:

1. At some point in the last 4 - 5 years or so, some IT type has put forward a request for funds for IT security.
2. Following that, at an ECC meeting (the princes which dole out the cash), the IT person was grilled.
- Can our customers see this ?
- Does this increase our profit ?
- Has this ever happened here before ?
- Is this part of our "core" business ?

Of course no was the answer to the manager with very good intentions; Funds Denied.

Now fast forward a bit and guess where we are; lawyers suing, Americans suing, EU suing etc. etc. etc...

Who turned down the funding for IT security ? Will they name that person?

Will that person get fired ?

Nah...........

FUANNA
26th Oct 2018, 18:14
Vital FOP data has also been compromised, including crew names, ranks and addresses.

Unreal.

BusyB
26th Oct 2018, 19:06
Does this mean CX pilots can join a class action?

cxorcist
26th Oct 2018, 21:32
Does this mean CX pilots can join a class action?

I would like to know this as well. Perhaps the AOAs will be issuing guidance.

scavengepump
26th Oct 2018, 23:46
I would like to know this as well. Perhaps the AOAs will be issuing guidance.

I’m giving you the benefit of the doubt that this statement is very much tongue in cheek....

Apple Tree Yard
26th Oct 2018, 23:48
DS, either stand up as a leader and fight for our contract, or GET OUT OF THE WAY. We need a strike vote, now. There is no other option open. If you don't have the courage to propose that, then at least have the dignity to admit as much and resign. I would respect you for that.

India Four Two
27th Oct 2018, 02:20
Good to know lawyers are ready to help.
https://cathaydatabreach.com/

Hmm, should I trust a law firm that doesn't even proof-read its documents?

We are passionate about winning this case and are determined to hold VW to account.

Stuart Sutcliffe
27th Oct 2018, 08:10
I have just received a personalized 1000 word email from Rupert, the gist of which is:
......
Your travel or loyalty profile was not accessed in full, and your password was not compromised.
......

Clearly, the hackers didn't need anyone's password to breach the IT systems! :D

Good to know lawyers are ready to help.
https://cathaydatabreach.com/

Lawyers ........ like flies converging on a fresh turd. :rolleyes: You can bet on the likelihood that, of any compensation paid out, the lawyers will get a hugely undeserved proportion.

Air Profit
27th Oct 2018, 13:25
Are we certain that RH's letter isn't actually from the hackers....? :ooh:

Avinthenews
28th Oct 2018, 04:40
http://m.scmp.com/news/hong-kong/law-and-crime/article/2170515/cathay-pacific-data-leak-british-based-law-firm-urges

And the news is onto the case. Damn those first world labour laws.

Flex88
28th Oct 2018, 07:44
And here we go again; been a while since a major lawsuit (except for the Paris Basing "payout" this year) so I suppose it's time for another massive profit eating court-case/lawsuit.
Likewise, the "leader" who denied the ECC request for much needed funding to upgrade the IT security systems received an even more massive year end bonus is, I'm sure, still grinning while having a GnT on the stern of his yacht now moored in Monte Carlo... The Swire MO.

1_of_600
29th Oct 2018, 00:10
If I were a betting person, I would bet on a few things here:

1. At some point in the last 4 - 5 years or so, some IT type has put forward a request for funds for IT security.
2. Following that, at an ECC meeting (the princes which dole out the cash), the IT person was grilled.
- Can our customers see this ?
- Does this increase our profit ?
- Has this ever happened here before ?
- Is this part of our "core" business ?

Of course no was the answer to the manager with very good intentions; Funds Denied.

Now fast forward a bit and guess where we are; lawyers suing, Americans suing, EU suing etc. etc. etc...

Who turned down the funding for IT security ? Will they name that person?

Will that person get fired ?

Nah...........


What did you expect?
CX IT has been widely known as a joke for many years. EFB, Windows 8, etc etc etc.

Funding for security? Not sure they can even SPELL IT security!

Motto : Cathay IT: Delivering yesterday's technology tomorrow.

Says it all!

Bye-bye Paul. ...

Dan Winterland
29th Oct 2018, 07:12
This is going to get a whole lot worse.

https://www.scmp.com/news/hong-kong/hong-kong-economy/article/2170622/cathay-pacific-calls-hong-kong-police-help

Slasher1
29th Oct 2018, 07:47
This is going to get a whole lot worse.

https://www.scmp.com/news/hong-kong/hong-kong-economy/article/2170622/cathay-pacific-calls-hong-kong-police-help

"Of particular concern was one of the scams which involved recruiting pilots from foreign countries to Hong Kong under promise of a bona-fide airline contract only to find they'd get stuck there with no way to pay the bills. A variation of this scheme is the "bait and switch" -- where pilots going through training are promised one contract and then given another shortly before beginning employment."

humbleppl
29th Oct 2018, 08:03
This is going to get a whole lot worse.

https://www.scmp.com/news/hong-kong/hong-kong-economy/article/2170622/cathay-pacific-calls-hong-kong-police-help


It is truly unbelievable how poorly this is handled by CX management. If I assume IT security is top notch (although with this company, nothing can be assumed), such data theft can happen and does happen. What is very unacceptable is that this has been hidden for 7 months; referring to a previous post, the theft of cabin and cockpit crew data is obviously still being hidden; that much to no "effect on flight safety". This case, very unfortunately, underlines the general management style of this company. It is a mix of arrogance (to believe its peers, shareholders, customers, suppliers, employees.. put up with such unbelievable incompetence, declining services, pay cuts- for the crew- etc.) and the incompetence itself. How can all these Swire inbreds still be there? When will some outside blood finally come in to save the company? What does it help CX/Swire if the complete management team have been employed within the Swire Group since decades; telling themselves since decades how great they are... when will Swire wake up???

unitedabx
29th Oct 2018, 08:19
It is truly unbelievable how poorly this is handled by CX management. If I assume IT security is top notch (although with this company, nothing can be assumed), such data theft can happen and does happen. What is very unacceptable is that this has been hidden for 7 months; referring to a previous post, the theft of cabin and cockpit crew data is obviously still being hidden; that much to no "effect on flight safety". This case, very unfortunately, underlines the general management style of this company. It is a mix of arrogance (to believe its peers, shareholders, customers, suppliers, employees.. put up with such unbelievable incompetence, declining services, pay cuts- for the crew- etc.) and the incompetence itself. How can all these Swire inbreds still be there? When will some outside blood finally come in to save the company? What does it help CX/Swire if the complete management team have been employed within the Swire Group since decades; telling themselves since decades how great they are... when will Swire wake up???

Four years ago a university pal of mine who runs his own UK based IT company made a bid to take over the CX IT security. He had managed the IT security passes at the London 2012 Olympics. In his presentation at CX City he told the management attending that the CX systems were "archaic" and open to hacking and extortion. "Prove it" came the challenge and they broke the meeting for lunch. In the afternoon session my pal continued his presentation and presented printed first class tickets to every manager present for a round trip to JFK the cost deducted from each and every manager's company credit card. He then went on to show them that the bookings were already in the CX system and there was absolutely no record of who/when or how the bookings were made.

He didn't get the contract but flew back first class !!

humbleppl
29th Oct 2018, 09:23
Four years ago a university pal of mine who runs his own UK based IT company made a bid to take over the CX IT security. He had managed the IT security passes at the London 2012 Olympics. In his presentation at CX City he told the management attending that the CX systems were "archaic" and open to hacking and extortion. "Prove it" came the challenge and they broke the meeting for lunch. In the afternoon session my pal continued his presentation and presented printed first class tickets to every manager present for a round trip to JFK the cost deducted from each and every manager's company credit card. He then went on to show them that the bookings were already in the CX system and there was absolutely no record of who/when or how the bookings were made.

He didn't get the contract.


so it is not "fate" and mismanagement but gross negligence; interesting

unitedabx
29th Oct 2018, 09:42
so it is not "fate" and mismanagement but gross negligence; interesting

I understand a class law suit is underway in HKG. We can all sign up to it. Awaiting details.

Starbear
29th Oct 2018, 11:01
Four years ago a university pal of mine who runs his own UK based IT company made a bid to take over the CX IT security. He had managed the IT security passes at the London 2012 Olympics. In his presentation at CX City he told the management attending that the CX systems were "archaic" and open to hacking and extortion. "Prove it" came the challenge and they broke the meeting for lunch. In the afternoon session my pal continued his presentation and presented printed first class tickets to every manager present for a round trip to JFK the cost deducted from each and every manager's company credit card. He then went on to show them that the bookings were already in the CX system and there was absolutely no record of who/when or how the bookings were made.

He didn't get the contract.

He didn't get the contract, no doubt because it was deemed to be too expensive. Cathay view IT security just like training: It's a cost not an investment. But once it all goes badly wrong in either case, there will be unlimited funds to fix it pronto-for a short time of course.

United, if your story is true and I accept that it is, surely your friend would have kept or created proof of such a shocking example and could now forward that to ALL concerned including, even as a "courtesy", the Swire Buffoons and Cathay clowns responsible?

Starbear
29th Oct 2018, 13:18
From SCMP today:

"Meanwhile, Privacy Commissioner Stephen Wong Kai-yi criticised the airline for not replying to his organisation’s request for information six days after the breach was made public, and hinted that its actions were not those of a responsible organisation."

Cathay's arrogance is quite literally breathtaking. They really do seem to believe they are answerable to no one. Well I'm pretty sure someone, very soon, will disabuse them of that view.

unitedabx
30th Oct 2018, 09:44
He didn't get the contract, no doubt because it was deemed to be too expensive. Cathay view IT security just like training: It's a cost not an investment. But once it all goes badly wrong in either case, there will be unlimited funds to fix it pronto-for a short time of course.

United, if your story is true and I accept that it is, surely your friend would have kept or created proof of such a shocking example and could now forward that to ALL concerned including, even as a "courtesy", the Swire Buffoons and Cathay clowns responsible?

I'll ask him.