Latest news with #privacycommissioner
South China Morning Post
24-07-2025
- Business
- South China Morning Post
Cathay Pacific apologises after 1,000 customers have Asia Miles accounts hacked
Hong Kong's flag carrier, Cathay Pacific Airways, has apologised to about 1,000 customers after their accounts with its Asia Miles loyalty programme were hacked, with mileage stolen, and personal data and travel details compromised. The airline said on Thursday that no credit card information was leaked despite the hack. Cathay said its preliminary investigation suggested that the theft of Asia Miles by unauthorised parties was the 'primary motivation', although the misuse of personal data remained a possibility. 'The unauthorised parties used valid members' credentials, some of which were found to be exposed on the internet, to log in and then fraudulently bypassed the secondary verification process to access Asia Miles in the accounts, by exploiting an issue in such a process,' it said. 'The secondary verification issue has already been rectified and the process further strengthened by Cathay to ensure similar incidents will not happen again.' Asia Miles is a loyalty and frequent-flyer programme launched by Cathay Pacific. Photo: Handout The company said that it had reported the case to the relevant authorities, including the privacy commissioner, and had also engaged an external expert to conduct a comprehensive independent investigation into the hacking.
Free Malaysia Today
21-07-2025
- Business
- Free Malaysia Today
HK investigates Louis Vuitton data leak that affected 419,000
Louis Vuitton reported the data breach incident to Hong Kong's privacy watchdog on July 17. (EPA Images pic) HONG KONG : Hong Kong's privacy watchdog said today that it was investigating a data leak at Louis Vuitton affecting about 419,000 customers, just after a cyberattack on the luxury brand in South Korea in June. Leaked data included names, passport details, addresses and email addresses as well as phone numbers, shopping history and product preferences, Hong Kong's office of the privacy commissioner for personal data said in an emailed statement. Louis Vuitton submitted the data breach incident to the office on July 17. Its French head office found suspicious activities on its computer system on June 13 and then discovered on July 2 that it affected Hong Kong customers, the statement said. The office said it had launched an investigation into Louis Vuitton Hong Kong, including whether the incident involved delayed notification. No relevant complaints or inquiries have been received so far, it said. The incident comes after a systems breach at Louis Vuitton in Korea in June led to the leak of some customer data, including contact information, but it did not involve customers' financial information, the company said. Louis Vuitton did not immediately respond to requests for comment.
CTV News
17-06-2025
- Business
- CTV News
Joint investigation by Canada and U.K. says 23andMe failed to protect customer data
Privacy Commissioner of Canada Philippe Dufresne leaves after a news conference at the National Press Theatre in Ottawa on Thursday, Feb. 29, 2024. (THE CANADIAN PRESS/Justin Tang) Genetic testing company 23andMe failed to take basic steps to protect customer data, according to a joint investigation by Canada and the U.K. into a massive global data breach. As a result, the U.K. is imposing a £2.31 million fine on the company. Canada does not have the power to impose a similar penalty. Canada's privacy commissioner Philippe Dufresne and U.K. information commissioner John Edwards revealed their findings at a news conference in Ottawa on Tuesday morning. 'With data breaches growing in severity and complexity, and ransomware and malware attacks rising sharply, any organization that is not taking steps to prioritize data protection and address these threats is increasingly vulnerable,' Dufresne said on Tuesday. 'Our investigation found that these types of security measures were not in place at 23andMe.' In September, 23andMe agreed to pay US$30 million to settle a lawsuit after hackers accessed the personal data of nearly seven million customers and posted their information for sale on the dark web, including data from nearly 320,000 people in Canada. The 2023 attack appeared to specifically target customers with Chinese and Ashkenazi Jewish ancestry. The joint investigation by privacy authorities in Canada and the U.K. was launched in June 2024 to examine the scope of the breach and 23andMe's response. 'In the wrong hands, an individual's genetic information could be misused for surveillance or discrimination,' Dufresne said in a news release when the investigation was announced. 'Ensuring that personal information is adequately protected against attacks by malicious actors is an important focus for privacy authorities in Canada and around the world.' 23andMe filed for bankruptcy in March. On June 13, it was announced that a non-profit led by 23andMe co-founder Anne Wojcicki would purchase the troubled company for US$305 million. Founded in 2006, 23andMe claims to have more than 15 million customers worldwide. The business was centred around at-home DNA testing kits that use saliva samples to provide genetic insights about health risks and ancestry. The California-based company went public in 2021, but never made a profit. 23andMe saliva collection kit A 23andMe saliva collection kit is shown on March 25, 2025, in Oakland, Calif. (AP Photo/Barbara Ortutay) With files from Reuters and CNN
CTV News
09-06-2025
- CTV News
Lost RCMP memory key with informant details was offered for sale by criminals: report
Privacy Commissioner of Canada Philippe Dufresne waits to appear at the Standing Committee on Access to Information, Privacy and Ethics in Ottawa on Tuesday, Nov. 19, 2024. THE CANADIAN PRESS/ Patrick Doyle OTTAWA — The federal privacy watchdog says the RCMP lost a memory key containing personal information about victims, witnesses and informants, and later learned it was being offered for sale by criminals. A detailed report from the office of privacy commissioner Philippe Dufresne reveals the RCMP told the watchdog about the breach in March 2022, prompting a lengthy investigation. The probe found that the unencrypted USB storage device contained the personal information of 1,741 people, including witnesses, complainants, subjects of interest, informants, police officers and civilian employees. The privacy commissioner says an RCMP detachment learned from a confidential source three weeks after the loss that the data on the device was being offered for sale by members of the criminal community. The privacy watchdog recommended the RCMP adopt strict security measures for the use of USB storage devices, given the sensitive nature of the personal information police handle daily. The commissioner says the Mounties agreed in principle to the recommendations but did not commit to implementing them within a specific timeline. Article by Jim Bronskill.
CTV News
04-06-2025
- Business
- CTV News
Committee to discuss NS Power breach that allowed theft of 280,000 customers' data
Peter Gregg, president and CEO of Nova Scotia Power, makes an appearance before the Nova Scotia legislature's law amendments committee, in Halifax, Monday, Oct. 31, 2022. THE CANADIAN PRESS/Keith Doucette HALIFAX — A provincial legislative committee is scheduled to meet today to discuss the recent Nova Scotia Power cybersecurity breach that allowed cyber-thieves access to data from 280,000 customers. The privately owned utility's CEO and other senior staff with Nova Scotia Power were called as witnesses to the standing committee on public accounts, which is set to meet this morning. Company CEO Peter Gregg has previously said the data of about 280,000 Nova Scotia Power customers was breached in a ransomware attack — which is more than half of their total customers. The breach of the customer records was first reported in late April, and the company later indicated the first breach was detected in mid-March. Gregg said the social insurance numbers of up to 140,000 customers had been collected by the utility, and therefore could have been accessed in the breach. He says Nova Scotia Power gathered these social insurance numbers as a way to authenticate customers' identities in cases where multiple customers have the same name, but social insurance numbers aren't required from its customers and were offered voluntarily. The federal privacy commissioner has launched an investigation into a ransomware attack, with Philippe Dufresne saying in a statement last week he started the probe after receiving complaints about the security breach the utility reported in late April. This report by The Canadian Press was first published June 4, 2025.
