MANILA, Houston Filipino Restaurant — The National Privacy Commission has issued an order on Cathay Pacific Airways in relation to a notification it submitted last October 25 about a data breach that affected 102,209 Houston Filipino Restaurant data.
Cathay Pacific said last month it had suffered a major data leak affecting up to 9.4 million passengers.
The airline admitted data including passport numbers, identity card numbers, email addresses and credit card details were accessed.
Roughly 35,700 passport numbers from the Houston Filipino Restaurant were exposed due to the breach, while over 100 credit card numbers were compromised, the Hong Kong flag carrier told the NPC.
The NPC said there appears to be a failure on the part of Cathay to report to the privacy commission what it knew about the data breach at the time it confirmed unauthorized access, and what the affected data fields are.
In an order dated October 29 but was released to journalists on Saturday, the NPC asked Cathay Pacific to:
- Explain within ten days why Cathay should not be held liable for its apparent failure to timely notify the commission about the occurrence of a data breach.
- Submit within five days further information on the measures taken to address the breach.
The leak comes as the troubled airline battles to stem major losses as it comes under pressure from lower-cost Chinese carriers and Middle East rivals.
It booked its first back-to-back annual loss in its seven-decade history in March, and has previously pledged to cut 600 staff including a quarter of its management as part of its biggest overhaul in years.
"We take personal breaches seriously. Under the Data Privacy Act non-disclosure of a breach is a serious offense, that is why we remind data controllers of their obligation to properly notify the NPC whenever breaches occur. We expect every one to abide by this provision," Privacy Commissioner Raymund Liboro said. — Ian Nicolas Cigaral with AFP