Hong Kong’s Cathay Pacific Airways Limited has suffered a massive data breach in which personal data of 9.4 million customers has been stolen by unknown hackers.
Cathay Pacific states that the stolen data includes passenger name, date of birth, nationality, email, phone number, frequent flyer programme membership number, physical addresses, 245,000 Hong Kong ID card numbers, 860,000 passport numbers, customer service remarks and details related to passenger’s travel history.
Furthermore, hackers also accessed expired credit card numbers of 403 passengers while 27 credit card numbers were accessed without their CVV numbers.
“We are very sorry for any concern this data security event may cause our passengers,” said Cathay Pacific CEO Rupert Hogg. “We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures,” said Cathay Pacific in its official statement.
The data breach took place in March this year leading to investigations and by May it was confirmed that personal data of passengers had been accessed. According to Rupert Hogg, Cathay Pacific Chief Executive Officer there is no evidence that any personal data has been misused and no passwords were compromised.
“We are in the process of contacting affected passengers, using multiple communications channels, and providing them with information on steps they can take to protect themselves. We have no evidence that any personal data has been misused. No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised,” Hogg explained.
Cathay Pacific has informed the Hong Kong Police and also launched a dedicated website to keep affected passengers up to date on the recent developments.
“We want to reassure our passengers that we took and continue to take measures to enhance our IT security.” Hogg added.“The safety and security of our passengers remains our top priority.”
Cathay Pacific is the second major airline that has come under cyber attack in the last few months. In September, British Airways announced that hackers access personal and financial data of 380,000 customers by exploiting vulnerabilities in its mobile application servers and website.