​Cathay Pacific Data Breach Affects 9.4 Million

Cathay Pacific Airways has suffered a serious data breach with passenger information of up to 9.4 million people accessed.

The Hong Kong airline said it took immediate action to investigate and contain the event and that it has no evidence that any personal information has been misused.

The personal data that was accessed includes passenger name and nationality, date of birth, contact details such as phone number and email address, passport and HK identity card numbers, plus the passengers previous travel information.

Cathay’s chief executive Rupert Hogg apologised for passengers’ concerns about the data security breach. “We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures.”

The airline said the IT systems affected are totally separate from flight operations systems, and there is no impact on flight safety.

In addition to the personal data, Cathay said 403 expired credit card numbers had been accessed, and 27 credit card numbers with no CVV number. The actual data accessed varies for each affected passenger.

The airline said it has notified the Hong Kong Police and relevant authorities.

Passengers who believe they may be affected by the data breach are urged to contact Cathay Pacific by email at infosecurity@cathaypacific.com, via the dedicated website infosecurity.cathaypacific.com or by the phone numbers available on that website.

CEO Hogg concluded by saying “We want to reassure our passengers that we took and continue to take measures to enhance our IT security. The safety and security of our passengers remains our top priority.”