Over the past few months Cathay Pacific underwent a security breach where details of many Marco Polo Club/Asia Miles accounts were revealed to the public. Airlines are really strict on security and privacy, due to the extensive documentation they require from you in order to fly you safely; these documents were made vulnerable during the latest security breach.
As you’d expect from any airline (I don’t consider their extensive research into the situation to be impressive by any means, though don’t have any complaints), Cathay Pacific immediately jumped onto the situation, and now account holders are receiving rolling emails about their details’ involvement in the situation.
Most of the below is common sense, but I thought I’d quickly compile a list of “do”s and “don’t”s for what to do, since a large number of accounts were breached.
What was leaked?
If your information has been affected, within the next few days you’ll receive an email informing you which of the following in your account have been breached:
- passenger name
- date of birth
- phone number
- email address
- passport number
- identity card number
- frequent flyer programme membership number
- customer service remarks
- historical travel information
403 expired credit card numbers were accessed, as well as 27 credit card numbers with no CVV. Cathay Pacific made it clear that no passwords were revealed. Cathay Pacific also reinstated multiple times that there was no evidence that any data has been misused as of yet.
Now obviously Cathay Pacific needs to up its game and make sure the problem is resolved immediately, since this sort of security breaching is not normal – and shouldn’t be, at all. However, what’s done is done, and I thought I’d come up with a few things that you should and shouldn’t do.
DO: Keep an eye on your email
One thing you have to be very wary of is if something suspicious pops up in your email. Your information could be used to sign up for profligate accounts, which you should immediately raise to Cathay Pacific’s attention.
DON’T: Click on suspicious emails
While many different social media sites are encrypted in a million different ways (WhatsApp, Facebook Messenger, etc. are all encrypted), Gmail is not. Applications such as Mixmax are open to the public, where they can track when you open an email sent by someone else, when you click on a link, etc.. If generic applications open to the public can do that, imagine what a bit of coding magic would do. Do NOT click on any links even if you do open the email – that would make any intruders prone to even more information.
Do NOT click on suspicious emails – Gmail is particularly good at identifying them. Make a habit of only clicking on emails that address you directly, and deleting any promotional information (you can search the information up based on the title if you’re interested)
DO: Keep an eye on your credit card transaction history
Now, most of you will have a credit card with a valid CVV (if you don’t, chances are this breach isn’t your biggest concern). However, make sure nothing suspicious comes in your primary credit card account; while expired credit cards cannot be used to make payments, they can be traced back to your primary account number, where extra harm could be done to your account. The credit card could also help spearphishing, which is when someone impersonates your credit card company sending you trusted emails when they’re actually taking information from you (see above).
If something suspicious comes up, consult your bank.
DO: Periodically check your Marco Polo/Asia Miles account
While Cathay Pacific has made clear that no passwords were accessed, that’s the status quo and could easily change in the future. Be particularly wary of your Marco Polo and Asia Miles accounts, and change your password if possible (it’s unlikely that the passwords will be breached now that it’s a big deal with Cathay Pacific, but security never hurts – better safe than sorry).
Cathay Pacific was very clear that they’ll contact directly those whose details have been involved. If nothing comes up in your credit transaction history, you don’t receive any suspicious emails that you click on, and Cathay Pacific hasn’t contacted you regarding a breaching of your credit card details, there’s no reason for paranoia. Yes, changing your passwords can always help; however, cancelling credit cards unnecessarily based on this incident can cause more harm than good.
While there’s nothing particularly impressive or out-of-the-box that Cathay Pacific’s doing for those affected, I do believe that the action they’ve taken against this unfortunate situation is adequate (they’ve sent out all the relevant information to each account holder impacted, and also set up ID tracking services for the particularly paranoid). Be sure to follow the tips above, and share in the comments below if you have any.