A recent data breach at Cathay Pacific has affected up to 9.4 million of the Hong Kong airline’s passengers, with personal data information such as email addresses and old credit card details being disclosed.
Soon after the breach, SecureData CTO and co-founder, Etienne Greeff commented on how Cathay Pacific had seemingly ‘covered up’ the breach.
Greeff commented, “Another day, another high-profile organisation covering up a security incident. In the firing line this time is Hong Kong airline carrier Cathay Pacific, who has suffered a breach affecting up to 9 million customers.
As we saw with Google + earlier this month, this is a classic example of the unintended consequences of regulation. By forcing companies to comply with tough new processes and rules, businesses are forcibly going to hide breaches and hacks purely out of fear of being caught out by hefty fines and significant reputational damage.
Credit is due to Cathay Pacific for setting up a dedicated website and call centre for potentially impacted customers. But this doesn’t excuse the fact that this breach was first detected in March and has only now been disclosed.
Unfortunately, we’re likely to see organisations continue this behaviour – attempting to cover up significant incidents –, as they regard customer data as their own, without any kind of acknowledgement on the impact it could have on their own customers.
The reality is that our identities are our own, and the ownership of these identities never passes to the company.
They are merely custodians of identities for the simple purpose of conducting business transactions. If our personal details are compromised and we aren’t informed of it when it happens, we can’t take action to defend ourselves, and that is indefensible.”