Cathay Pacific Airlines Cyberattack is Caused by a ‘Sustained Cyberattack’

The cyberattack on Cathay Pacific airlines, which resulted in data breach, has come out as the world's biggest data breach of any airline. The carrier admitted that the cyberattack that affected millions of customers of Cathay Pacific is caused by a sustained cyberattack, which was there for three months. The carrier further insisted that they are on alert for more such attacks. It was previously believed that the cyberattack resulted in
unauthorised access to personal data of 9.4 million Cathay Pacific passengers.

An article has been submitted by the Hong Kong lawmakers in a joint meeting about the breach. The airlines said that they themselves along with the passengers who were affected were "victims of a cybercrime carried out by sophisticated attacker(s)" that "were at their most intense in March, April and May but continued thereafter", as
posted by the businesstraveller.com of November 13, 2018.

The airline further stated that it had spent RM 531mil, i.e. US$ 127mil, on IT infrastructure as well as security over the time period of three years. However, this was not sufficient to stop what they called "sophisticated attackers" from repeatedly attacking and breaching their systems. Cathay Pacific airlines investment in their IT systems includes spending money on cloud computing and two data servers that are large in size. This investment was made by the airlines when it generated revenue of RM156bil or HK$292bil.

The cyberattacks were such that it required huge amount of investigation. It admitted that around 860,000 passport numbers, 245,000 identity card numbers of Hong Kong, 403 credit card numbers that got expired and 27 credit card numbers having no CVV (Card Verification Value) were accessed. However, it insisted that no evidence was found
that personal data got misused. The airlines issued a statement which said, "throughout our investigation into this incident, our foremost objective and primary motivation has been to support our affected passengers by providing accurate and meaningful information".

The hack has led to a formal investigation of the case by the privacy watchdog of Hong Kong, while investigation by the police is still ongoing. The airlines said that, "the investigation was complex, longer than what we would have wished, and we would have liked to have been able to provide this information sooner". The airline has also
apologized to the affected passengers and says that they were helping them in order to protect themselves.

» SPAMfighter News - 11/19/2018