Octopus chief executive Prudence Chan initially denied that data had been sold but she has since backtracked in the face of fierce criticism from Hong Kong's privacy commissioner Roderick Woo, who has launched an investigation.
Octopus has now issued a statement saying it will no longer hand over customer data to merchant partners for marketing purposes. Chan says the company believes its policies are based on Hong Kong's Personal Data Ordinance but acknowledges customers concerns.
"To put their minds at ease, we believe the best way forward is to terminate all activities that involve the provision of customers' personal data to merchant partners for marketing purposes," she says.
Octopus has proved hugely successful since its launch in 1997 but has faced controversy before. In 2007 it admitted wrongly deducting a total of HK$3.7 million from 15,270 customers over seven years because of a fault in its EFT system which resulted in funds being deducted from customers' bank accounts but not credited to their travel passes.
