Cathay Pacific has announced that data of around 9.4 million passengers were illegally accessed from its servers.
In a statement, the Hong Kong-based airline revealed that data accessed include the following information: passenger name; nationality; date of birth; phone number; email; address; passport number; identity card number; frequent flyer programme membership number; customer service remarks; and historical travel information.
More than 400 expired credit card numbers, as well as 27 valid credit cards with no CVV were also accessed. The airline says the sensitive data accessed per customer varies. The company, as said in its statement, has no evidence that the sensitive information was misused.
“We are in the process of contacting affected passengers, using multiple communications channels and providing them with information on steps they can take to protect themselves. We have no evidence that any personal data has been misused. No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised,” Cathay Pacific Chief Executive Officer Rupert Hogg said.
If you have flown with the airline recently and feel like you may be affected, Cathay Pacific has opened up their hotlines through the following channels:
- Via the dedicated website – infosecurity.cathaypacific.com – which provides information about the event and what to do next
- Via Cathay Pacific’s dedicated call center (toll-free numbers are available on infosecurity.cathaypacific.com)
- Email Cathay Pacific at infosecurity(@)cathaypacific.com
The company was aware of the breach since March this year but did not disclose why it took them months to announce it. The airline has notified Hong Kong Police about the incident. “We want to reassure our passengers that we took and continue to take measures to enhance our IT security. The safety and security of our passengers remain our top priority,” Hogg said.
