Welcome Guest ( Log In | Register )

Digg this topic · Save to del.icio.us · Slashdot It · Post to Technorati · Post to Furl · Submit to Reddit · Share on Facebook · Fark It · Googlize This Post · Add to ma.gnolia · Tag to Wink · Add to MyWeb · Add to Netscape
Hong Kong Airlines says sorry over passenger data leak, Thursday December 29, 2016
post Dec 29 2016, 05:14 AM
Post #1

Elite Member
Group Icon

Group: Elite Moderators
Posts: 12,774
Thank(s): 7186
Joined: 24-December 06
From: London
Member No.: 2,491



Continued Standard of Excellence Staff of the Month Contributor Top Staff Happy Chinese New Year 2015

Source: ejinsight/Appledaily

Hong Kong Airlines has issued a public apology after its Android mobile app reportedly leaked personal data of more than a hundred of its passengers, including their names, passport numbers and travel records.

The airline immediately suspended access to the app and a feature where non-members can make enquiries, Ming Pao Daily reports. It promised a thorough investigation of the incident and said it is coordinating with a third-party agent to help prevent the repeat of such an incident.

The company has also filed a report to the Office of the Privacy Commissioner for Personal Data. The OPCPD said leaking personal data of customers could have violated the principles of data security, although it does not constitute a criminal offense. It said it will ask Hong Kong Airlines to introduce measures to plug the loopholes.

The security breach was first discovered by a Hong Kong Airlines customer surnamed Lam, Apple Daily reported. Lam and his girlfriend logged into the app for online check-in as non-registered guests. As they were going through the process, they were surprised to see a list of personal data of over a hundred other passengers available to anyone using the app. When clicked, the records revealed the full name, Hong Kong ID number, flight information, seat number and boarding pass QR codes of the passengers. A computer programmer himself, Lam was shocked to see that his and his girlfriend’s data was also on the list after they checked in online.

The two then canceled their online check-in record and repeated the process after signing up and logging in as a member. This time, they did not see their names and data appearing on the app again. Lam believed the incident was a basic mistake on the programming side, and could have been avoided easily. The data leak could pose security risks to the passengers on the compromised list. A person can assume the name and passport number of one of the passengers, and then download and print the boarding pass of the original ticket owner, the report said.

Legislator Helena Wong Pik-wan said passenger names and passport numbers are personal data and airlines could be held liable for violation of the Personal Data (Privacy) Ordinance if such information are disclosed without the owner’s consent.

Dr. Karl Leung Ping-hung, head of the Department of Information Technology at the Hong Kong Institute of Vocational Education (Chai Wan), said the airline’s system could have mistakenly granted access rights to app users to see privileged information, Ming Pao Daily reported. Leung said the same data breach could have happened on the iOS version of the app.
Go to the top of the page
The Following 4 Users Say Thank You to R.E.D for this useful post:
GTR, Nek, RAV4-07, raymond
If you would like to read the other replies of this topic you need to be a Registered Member!

If you are already a Member then please Login otherwise Register an Account to join our community

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:


Lo-Fi Version Time is now (EST): 28th March 2017 - 06:52 AM