Latest update: 25 Mar 2020 15:30 HKT (GMT+8)

Update from Cathay Pacific:

We would once again like to express our great regret and to sincerely apologize for the incident.

We have co-operated closely with the PCPD and the relevant authorities in their investigations.

We have already taken a series of decisive measures to further enhance our IT security in the areas of data governance, network security, access control, education and awareness of our people, and incident response agility.

We have spent substantial amounts on IT infrastructure and security and investments in this area will continue.

We have also enhanced our security team resources whose expertise is complemented by leading external cyber security experts.

These measures have improved our overall security and we believe they will help us prevent further unauthorized access to our systems.

However, we are aware that in today’s world, as the sophistication of cyber attackers continues to increase, we need to and will continue to invest in and evolve our IT security systems.

Our investigation reveals that there is no evidence of any personal data being misused to date - We will continue to co-operate with the PCPD to demonstrate our compliance and our ongoing commitment to protecting personal data.

On 24 October 2018, we informed the authorities of unauthorised access to some of our passenger data. Between 25 October and early November, we notified affected passengers via an individualised email or letter, which told each person the specific details of their accessed personal data.

We apologise for any concern that the data security event may have caused, and would like to reassure our customers that the systems affected were totally separate from our flight operations systems, and there was no impact on flight safety.

If you believe you have been affected, please register your enquiry or contact us.