On Wednesday, October 24th, Cathay Pacific disclosed a data breach of passenger personal data of 9.4 million customers:
“Cathay Pacific announced today that as part of its ongoing IT security processes, it has discovered unauthorised access to some of its information system containing passenger data of up to 9.4 million people. Upon discovery, the company took immediate action to investigate and contain the event. The company has no evidence that any personal information has been misused. The IT systems affected are totally separate from its flight operations systems, and there is no impact on flight safety.”
Rupert Hogg, Cathay Pacific Chief Executive Officer stated: “We are very sorry for any concern this data security event may cause our passengers. We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures.”
Hackers accessed the following personal data according to the announcement: passenger name, nationality, date of birth, phone number, email, address, passport number, identity card number, frequent flyer programme membership number, customer service remarks, and historical travel information.
A small number of payment card data was also accessed, to include 403 expired credit card numbers and 27 that had no CVV code.
See the full company announcement here.