The National Privacy Commission demands Cathay Pacific for an explanation

Following the massive data breach at Cathay Pacific’s database, the National Privacy Commission (NPC) revealed to the public the airline’s findings on the said. From the 9.4 million affected customers, around 102,209 Filipinos were affected by the data breach. Breaking down the data, 35,700 Philippine passport numbers were exposed while 144 credit card numbers were compromised.

“Among those fields taken were passenger name; nationality, date of birth, phone number, e-mail, credit card number, address, passport number, identity card number, frequent flyer membership number, customer service remarks, and historical travel information,” the NPC said in their report.

In light of Cathay Pacific’s findings, the NPC filed an order to Cathay Pacific to explain within 10 days why the airline failed to file the report as early as possible. Cathay Pacific discovered the data breach as early as March 7, but only reported it to the public last October 25.

“On the surface, there appears to be a failure on the part of Cathay to report to this Commission what it knew about the data breach at the time it confirmed unauthorized access, and what the affected data fields are,” the NPC said in their order.

You can read NPC’s order here.