Cathay Pacific Airways Limited, the flag carrier of Hong Kong, had suffered a major data leak affecting up to 9.4 million passengers.
Cathay Pacific Airways Limited, the flag carrier of Hong Kong, admitted having suffered a major data leak affecting up to 9.4 million passengers.
Exposed data includes passport numbers, identity card numbers, email addresses, and credit card details were accessed, information exposed varies for each affected passenger.
“As part of our ongoing IT security processes, we have discovered unauthorised access to some of our passenger data. Upon discovery, we took immediate action to contain the event, and further strengthen our IT security measures.” reads the official statement published by the airline.
The IT staff at Cathay discovered an unauthorized access of systems containing the passenger data of up 9.4 million people. Hackers also accessed 403 expired credit card numbers and twenty-seven credit card numbers with no CVV were accessed.
The company is notifying the affected passengers through multiple channels.
“We are in the process of contacting affected passengers, using multiple communications channels, and providing them with information on steps they can take to protect themselves,” said Cathay Pacific Chief Executive Officer Rupert Hogg.
“We have no evidence that any personal data has been misused.”
“The following personal data was accessed: passenger name, nationality, date of birth, phone number, email, address, passport number, identity card number, frequent flyer programme membership number, customer service remarks, and historical travel information.” Hogg added.
The company immediately reported the incident to the authorities and launched an investigation.
At the time there is no news about financial compensation for affected passengers.
Anyone who believes they may be affected can contact Cathay Pacific in the following ways:
Via the dedicated website – infosecurity.cathaypacific.com – which provides information about the event and what to do next
Via Cathay Pacific’s dedicated call centre available after 12:30/25OCT (GMT+8) (toll free numbers are available on infosecurity.cathaypacific.com)
Email Cathay Pacific at email@example.com
Recently, personal and payment card information of 380,000 British Airways customers were stolen by MageCart hackers, and the company pledged to compensate customers.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.