SCMP 13 Nov.

https://www.scmp.com/news/hong-kong/law-and-crime/article/2172796/cathay-pacific-cyberattack-far-worse-previously-thought

Seems CX just can't help themselves when it comes to "embellishing" facts. That is until they get caught in another scam, price fixing, failing to report to shareholders, failing to report to SFC, lying to cadets that are in Adelaide etc. etc. etc..

Lawsuits, massive profit eating fines to follow. Maybe they can request a ticket surcharge for a variable incompetence factor that can be adjusted every financial quarter ?

Now that they have admitted the time scale I guess that this now means they can be fined by the Europeans for contravening the new data protection laws.

It is just fun to watch some people fail
:D :D :D

Probably no business case for a Security Module to be added to the system.

What about an OPED from the SCMP on the track record of this management group over the last 3 years? Court Cases for corruption, Fines, Fuel Hedging, Aircraft Cabins, more court cases and now a massive Security breach. How is Slosar still anywhere near this place?

It's now getting to the point where Swire would rather sell thier CX/KA shares than see one of their princes' lose face, the question is who is going to buy it, Qatar or m Air China?

Today's IntraCX main page is indicating Whistle Blowers are a "Mechanism" for use to report malfeasance etc..

Oh wait, do they not have a person in place called a "Corporate Secretary" who is paid and responsible to whistle blow to the Board of Directors AND the SFC when these things occur.
Would not the CEO, Director of IT, Chairman etc. ALL have fiduciary responsibilities to report errors/mistakes/malfeasance etc. (e.g HACKING)in a timely manner to whomever was concerned however, DID NOT..... !!


So those Senior Leaders who actually get paid and have the responsibility to report these things but do not are now out there trolling for the common folk to rat out the Swire "Leaders"

Ether this is the biggest joke I've ever heard or the best attempt at projecting, deflecting or blame shifting I've ever seen...

https://sc.mp/1sdfy

Cathay under fire worldwide on data breach – ‘one of its worst crises’



The hits keep on coming..

So what’s 4% of annual global revenue going to cost them!

4% of HK$97B... is $3.88B... that's the maximum allowed under the law.

https://sc.mp/1sdfy

Cathay under fire worldwide on data breach – ‘one of its worst crises’



The hits keep on coming.."Slosar said it was “always a judgment call” whether to disclose. While the breach was a matter of great public interest, he said Cathay had taken the view the incident was “not material and not [share] price sensitive”.It would be up to Cathay’s board regarding exactly who in the management team would be held accountable for the crisis, Hogg said. "

what are the odds one of the liable subbies is swire via their management consulting to CX? there's only one non-swire ED and he's got the hot potato on his plate... and still there...

Slosar and Hogg should get used to it.

They’ll need to perfect their dumbfounded looks, and evasive answers in front of the law makers for when they’re summoned after the inevitable smoking hole in the ground occurs due to their policies over the past decade.....

Of course when that occurs, they’ll have the idiot who was so desperate to get into fltops management he took a job which might as well have been titled “fall guy”. Maybe IT will get a Risk Manager too now.

So what’s 4% of annual global revenue going to cost them!


Don't worry, in the same newspaper on the same day - "oil prices plummet"
This should help Cabin Crew who in the same paper are asking for a pay rise.

Slosar and Hogg should get used to it.

They’ll need to perfect their dumbfounded looks, and evasive answers in front of the law makers for when they’re summoned after the inevitable smoking hole in the ground occurs due to their policies over the past decade.....

Of course when that occurs, they’ll have the idiot who was so desperate to get into fltops management he took a job which might as well have been titled “fall guy”. Maybe IT will get a Risk Manager too now.

Did they manage to blame the pilots for this cock up ?

No, but they will manage to make the pilots pay for it....bye bye 13th month, JCR, etc etc.

Sorry to break your bubble BC but JCR was bullish** from day one.
It's an expensive lifestyle (for flight crew) item that, in their myopic eyes, has no benefit to "their" bottom line or bonuses. It was never planned to and never will see the light of day...

Just the way they operate.

COS18 will benefit their bottom line (near term only) and their bonuses therefore that item "will" be implemented !

The general public and more importantly the shareholders will see this as a major error of judgement and hopefully demand scapegoats. If this was Japan !!

Unitedabx——Did you ever see the Aussie movie “The Castle”?

”tell him he’s dreaming”

"Slosar said it was “always a judgment call” whether to disclose. While the breach was a matter of great public interest, he said Cathay had taken the view the incident was “not material and not [share] price sensitive”.It would be up to Cathay’s board regarding exactly who in the management team would be held accountable for the crisis, Hogg said. "

what are the odds one of the liable subbies is swire via their management consulting to CX? there's only one non-swire ED and he's got the hot potato on his plate... and still there...

Surprising anyone would say this because it's not a judgement call at all. I can only assume this was the script from a Public Relations idiot, with zero knowledge of the law.
Under GDPR, if you have personal data on any EU residents, you have a duty to disclose a breach to the authorities within 72 hours, and to the affected persons "without undue delay".
While they did eventually notify the Hong Kong police cyber crime team, it was months after the event.
Even if the attack took place before the GDPR watershed on the 25th of May, the failure to notify within 72 hours was ongoing while the regulations were in force.
These are the facts.

It's now up to the EU whether they want to make an example of Cathay or not.

Judgement call to disclose????
When it’s required by law?!!!!

wheres the option?
thats why the fine will be huge

https://careers.cathaypacific.com/jobs/data-protection-officer-5790049

Interesting timing on the application deadline...

Was this DPO a new position or a replacement??

If someone was hired... Bet they were thinking ... "This is not what I signed on for..."

Surprising anyone would say this because it's not a judgement call at all. I can only assume this was the script from a Public Relations idiot, with zero knowledge of the law.
Under GDPR, if you have personal data on any EU residents, you have a duty to disclose a breach to the authorities within 72 hours, and to the affected persons "without undue delay".
While they did eventually notify the Hong Kong police cyber crime team, it was months after the event.
Even if the attack took place before the GDPR watershed on the 25th of May, the failure to notify within 72 hours was ongoing while the regulations were in force.
These are the facts.

It's now up to the EU whether they want to make an example of Cathay or not.

My unsubstantiated gut feel is that while it isn't the vampire squid involved, it is something close to it in terms of scale and rudely inserted tendrils, so it'll be a bit quietly sorted...