A Cathay Pacific Airways Ltd. aircraft flies near Hong Kong International Airport in Hong Kong. (Photographer: Anthony Kwan/Bloomberg)

Cathay Tries to Pacify Angry Hack Victims With  ‘Exciting Offers’

(Bloomberg) -- Reeling from the world’s worst airline hack that exposed personal data of 9.4 million passengers, Cathay Pacific Airways Ltd. is seeking to regain customer trust with “exciting offers” including better in-flight dining and entertainment.

The marquee carrier is attempting to soothe angry customers by promising better services on board after coming under fire for the seven-month delay in disclosing the breach detected back in March. Among the information exposed were passport details, addresses and emails, although there was no evidence the data was misused, the airline has said.

“We understand that people are disappointed and upset by this event,” Chairman John Slosar said, fielding queries from Hong Kong’s lawmakers at a panel meeting Wednesday. “We want to make some particularly exciting offers that people can take advantage of going forward.”

The sophisticated attacks that lasted months earlier this year couldn’t have come at a worse time for Cathay Pacific’s Chief Executive Officer Rupert Hogg. At best, it is a distraction from his efforts to steer Asia’s biggest international airline back to profit, and at worst, the carrier could face regulatory action and lawsuits as it faces inquiries in at least 15 jurisdictions.

Hogg told lawmakers Wednesday that it’s still too early to discuss compensation and costs resulting from the hack. The attacks were most intense March through May and continued, Cathay said Monday separately. Although the number of successful attempts diminished, concerns remain new ones could be mounted, it said.

Slosar said the carrier made a call in March that the information, although of public interest, wasn’t material or price sensitive and held off on disclosing it immediately. The price change after the disclosure confirms Cathay’s judgment, he said.

Shares of the carrier have rebounded 3.4 percent since the disclosure. They had slumped the most since January 2017 the day after the filing.

Cathay Pacific has said in the past that it needed to investigate the violation thoroughly before sharing details of the attack. Eventually it revealed it in a filing on Oct. 24.

“It’s a lesson we learned,” Slosar said, adding Cathay Pacific will “report instantly” if a hack were to happen tomorrow.

While the airline hasn’t commented on the origin of the attacks, it said hackers used malware and utilities that gave them the ability to conduct reconnaissance and the unknown signatures weren’t initially detected by Cathay Pacific’s anti-virus system.

The breach has prompted calls to overhaul Hong Kong’s two-decades-old privacy laws to ensure companies report any leaks quicker. Charles Mok, a local lawmaker, has said the city’s privacy commissioner “has no teeth” as the official has no power to conduct criminal investigations or prosecute.

©2018 Bloomberg L.P.