Cathay Pacific Airways is to be investigated by Hong Kong’s privacy watchdog following a massive data breach involving 9.4m passengers.
Earlier today Hong Kong’s privacy commissioner said he would be launching a compliance probe into the airline after it failed to reveal a breach in its data until October, seven months after suspicious activity was registered on its network.
The probe will also expand into the operations of Cathay’s fully owned subsidiary, Hong Kong Dragon Airlines, which was also involved in the privacy blunder.
Last month Cathay said that roughly 860,000 passport numbers, 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) were accessed without authorisation.
"There are reasonable grounds to believe there may be a contravention of a requirement under the law," Hong Kong's Privacy commissioner for personal data, Stephen Wong, said in a statement.
He added: "The compliance investigation is going to examine in detail, amongst others, the security measures taken by Cathay Pacific to safeguard its customers' personal data and the airline's data retention policy and practice."
Cathay said it initially discovered suspicious activity on its network in March 2018 and investigations in early May confirmed that certain personal data had been accessed.
It is the latest airline to be embroiled in a data breach, coming a month after British Airways said that hackers stole the financial details of customers from its website and mobile app.
Air Canada has also recently revealed that its mobile app had been hacked in a breach that could affect as many as 20,000 people.
A number of UK firms have fallen victim to similar cyber attacks in recent months, with Dixons Carphone apologising in late July for a 2017 data breach that affected the personal data of nearly 9m extra people.
According to the European Aviation Safety Agency, there were 1,000 cyber attacks each month on aviation systems in 2016, with groups such as Vietnam Airlines having to carry out airport operations by hand after hackers corrupted the firm’s website.