[Security Blog] Beware of the unauthorized FPS transaction and SVF setup

Recently, there were reports about unauthorized money transfer between bank account and stored value facilities (SVF). On 30 Sep 2018, the Hong Kong Monetary Authority (HKMA) has launched Faster Payment System (FPS), which enables person-to-person interbank fund transfer using phone number or email address as recipient, and also top-up of some SVF. Whether you are using such payment facilities, you are suggested to take the precaution measures.

[Security Blog] Security Advisory: Cathay Pacific and Cathay Dragon Passenger Data Breach

According to Cathay Pacific announcement on Hong Kong Stock Exchange, they have discovered unauthorized access to their 9.4 million passenger data including its subsidiary Cathay Dragon in early March 2018. The types of personal data accessed were the names of passengers, their nationalities, dates of birth, telephone numbers, email addresses, physical addresses, passport numbers, identity card numbers, frequent flyer programme membership numbers, customer service remarks and historical travel information. Around 860,000 passport numbers and around 245,000 HKID numbers were leaked and accessed. Besides, 403 expired credit card numbers and 27 credit card numbers with no CVV were also leaked and accessed. The company stated that they have hired a cyber security firm and also reported to police for investigation.