Hong Kong based airline Cathay Pacific says the personal data of up to 9.4 million passengers have been accessed in massive security breach.
Upon discovery, the company took immediate action to investigate and contain the event and whilst the company has no evidence that any personal information has been misused the airline had reported the incident to the Hong Kong Police.
The airline advises that the following personal data was accessed: passenger name; nationality; date of birth; phone number; email; address; passport number; identity card number; frequent flyer programme membership number; customer service remarks; and historical travel information. In addition, 403 expired credit card numbers were accessed. Twenty-seven credit card numbers with no CVV were accessed. The combination of data accessed varies for each affected passenger.
Cathay Pacific Chief Executive Officer Rupert Hogg said, “We are very sorry for any concern this data security event may cause our passengers. We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures.
“We are in the process of contacting affected passengers, using multiple communications channels, and providing them with information on steps they can take to protect themselves. We have no evidence that any personal data has been misused. No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised.”
The IT systems affected are totally separate from its flight operations systems, and there is no impact on flight safety the airline confirmed. Hogg added: “We want to reassure our passengers that we took and continue to take measures to enhance our IT security. The safety and security of our passengers remains our top priority.”
