Hackers hit Cathay Pacific as data on 9.4 million passengers breached

Around 860,000 passport numbers and 245,000 identity cards numbers were accessed.

Reuters reports that Cathay Pacific Airways Ltd. has announced that the information of about 9.4 million passengers of Cathay and its unit Hong Kong Dragon Airlines Limited were illegally accessed in a massive data breach that occurred months earlier.

Around 860,000 passport numbers, about 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) were accessed in the breach. The data include names of passengers, their nationalities, dates of birth, telephone numbers, email and physical addresses, passport numbers, identity card numbers and historical travel information.

“We are very sorry for any concern this data security event may cause our passengers,” Cathay Pacific chief executive Rupert Hogg said in a statement.

Also read: Air cargo slump may cut Cathay's rebound short

No passwords, Asia Miles or Marco Polo account club information were accessed, according to South China Morning Post. “We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures,” added Hogg.

Cathay initially discovered suspicious activity on its regular server check on March 2018 with investigations in May confirming that the customer data have been accessed.

Hong Kong’s privacy commission has already expressed serious concern over the data leak as angry customers continue to demand answers on why it has taken Cathay so long to be notified about the breach.

Here’s more from Reuters:

Photo from MNXANL - Own work, CC BY-SA 4.0