A major Hong Kong based international airline, Cathay Pacific Airways Limited, revealed yesterday that it has discovered unauthorized access of data belonging to as many as 9.4 million Cathay passengers. This data includes the passenger name, nationality, date of birth, phone number, email address, passport number, identity card number, customer service remarks, and historical travel information. Moreover, 403 expired credit card numbers and 27 credit card numbers with no CVV were also accessed.
Cathay Pacific has its head office and main hub located at Hong Kong International Airport and serves flights around North America, Europe, China, Taiwan, Japan, Southeast Asia, and the Middle East.
The company has taken immediate measures to investigate the data breach further. So far, Cathay hasn’t found any evidence of misuse of personal information. The airlines also mentioned that because of the recent data breach, part of the IT security processes have been affected, but and is the flight operations systems which are insulated from the IT security systems remain uncompromised.
Cathay Pacific posted about the data breach on Twitter:
We have discovered unauthorised access to some of our passenger data. For Data Security Event support, please DM @cxinfosec for assistance.
— Cathay Pacific (@cathaypacific) October 24, 2018
“We are very sorry for any concern this data security event may cause our passengers. We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures”, said Rupert Hogg, CEO, Cathay Pacific.
Cathay is currently contacting the affected passengers, using multiple communications channels, and is providing them with information on steps that can be taken to protect users.
“We have no evidence that any personal data has been misused. No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised. Cathay Pacific has notified the Hong Kong Police and is notifying the relevant authorities. We want to reassure our passengers that we took and continue to take measures to enhance our IT security. The safety and security of our passengers remain our top priority”, said Hogg.