Cathay Pacific Airways Limited, the flag carrier of Hong Kong, admitted having suffered a major data leak affecting up to 9.4 million passengers.
Exposed data includes passport numbers, identity card numbers, email addresses, and credit card details were accessed, information exposed varies for each affected passenger.
“As part of our ongoing IT security processes, we have discovered unauthorised access to some of our passenger data. Upon discovery, we took immediate action to contain the event, and further strengthen our IT security measures.” reads the official statement published by the airline.
The IT staff at Cathay discovered an unauthorized access of systems containing the passenger data of up 9.4 million people. Hackers also accessed 403 expired credit card numbers and twenty-seven credit card numbers with no CVV were accessed.
The company is notifying the affected passengers through multiple channels.
“We are in the process of contacting affected passengers, using multiple communications channels, and providing them with information on steps they can take to protect themselves,” said Cathay Pacific Chief Executive Officer Rupert Hogg.
“We have no evidence that any personal data has been misused.”
“The following personal data was accessed: passenger name, nationality, date of birth, phone number, email, address, passport number, identity card number, frequent flyer programme membership number, customer service remarks, and historical travel information.” Hogg added.
The company immediately reported the incident to the authorities and launched an investigation.
At the time there is no news about financial compensation for affected passengers.
Anyone who believes they may be affected can contact Cathay Pacific in the following ways:
(Security Affairs – Cathay Pacific, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.