当前位置:新闻动态
Cathay Pacific data breach probed by Hong Kong's Privacy Commissioner
来源: 编辑:编辑部 发布:2018/11/09 18:14:49
HONG KONG's # Stephen Kai-yi Wong said his office will investigate the data breach of Cathay Pacific Airways' computers last month.
This exposed the data of 9.4 million customers to unauthorised scrutiny. The commissioner said his office received 89 complaints. Cathay Pacific revealed the breach in a stock exchange filing seven months after detecting it.
While passports, addresses and emails were exposed, there was no evidence that information has been misused, though Cathay has not revealed much about the attack.
Mr Wong said his office was out to determine if the company had violated the law. The hack has prompted calls to overhaul Hong Kong's two-decades-old privacy laws to ensure companies report leaks on a timely basis.
For now, offences for disclosing personal data obtained without consent from users could be subject to a fine of HK$1 million (US$127,630) and imprisonment for five years, according to the Personal Data Ordinance. Individuals who suffer damage could also seek compensation.
"The Cathay Pacific incident has highlighted the ineffective reality of our privacy law," said Charles Mok, who represents Hong Kong's IT sector in the Legislative Council.
The commissioner "has no teeth", nor does he have the power to conduct criminal investigations or prosecute, Mr Mok said.
The privacy commissioner began the compliance check after the latest information shared by Cathay Pacific offered "reasonable grounds" to believe there may have been a violation.
A Cathay Pacific representative said the airline is "studying the statement of the Office of the Privacy Commissioner and will continue to cooperate fully with the authorities".
This exposed the data of 9.4 million customers to unauthorised scrutiny. The commissioner said his office received 89 complaints. Cathay Pacific revealed the breach in a stock exchange filing seven months after detecting it.
While passports, addresses and emails were exposed, there was no evidence that information has been misused, though Cathay has not revealed much about the attack.
Mr Wong said his office was out to determine if the company had violated the law. The hack has prompted calls to overhaul Hong Kong's two-decades-old privacy laws to ensure companies report leaks on a timely basis.
For now, offences for disclosing personal data obtained without consent from users could be subject to a fine of HK$1 million (US$127,630) and imprisonment for five years, according to the Personal Data Ordinance. Individuals who suffer damage could also seek compensation.
"The Cathay Pacific incident has highlighted the ineffective reality of our privacy law," said Charles Mok, who represents Hong Kong's IT sector in the Legislative Council.
The commissioner "has no teeth", nor does he have the power to conduct criminal investigations or prosecute, Mr Mok said.
The privacy commissioner began the compliance check after the latest information shared by Cathay Pacific offered "reasonable grounds" to believe there may have been a violation.
A Cathay Pacific representative said the airline is "studying the statement of the Office of the Privacy Commissioner and will continue to cooperate fully with the authorities".