A massive data breach has seen hackers gain access to the personal details of up to 9.4 million customers of Hong Kong-based Cathay Pacific.
The airline said the data accessed varied for each passenger but could include name, nationality, date of birth, phone number, email; address, passport number; identity card number, frequent flyer number, customer service remarks and historical travel information.
Also accessed were 403 expired credit card numbers and 27 credit card numbers with no CVV.
However, in another major embarrassment, according to The Times, the breach occurred seven months ago in March.
The airline said it had no evidence the information had been misused and the compromised IT systems were totally separate from its flight operations systems and had no impact on flight safety.
Cathay is the second airline to be hacked this year and appears to be one of the biggest airline breaches to made public to date.
The personal details of some 380,000 British Airways passengers were accessed after a data breach at the UK carrier.
UK media said at the time the information included credit card details, residential addresses, and email details but the airline said the hackers had not accessed itineraries or passport details.
Cybersecurity is becoming an increasing worry for airlines and other organizations. While industry officials say critical aircraft systems remain safe, there is an increasing risk of reputational damage or that ground operations may be compromised.
“We are very sorry for any concern this data security event may cause our passengers,’’ Cathay chief executive Rupert Hogg said in a statement.
“We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures.
“We are in the process of contacting affected passengers, using multiple communications channels and providing them with information on steps they can take to protect themselves.
“We have no evidence that any personal data has been misused. No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised.”
Cathay said it had notified the Hong Kong Police and other relevant authorities.
Anyone who believes they may be affected can contact Cathay Pacific through dedicated website infosecurity.cathaypacific.com, through a dedicated call center or via emailing [email protected].
“We want to reassure our passengers that we took and continue to take measures to enhance our IT security,’’ Hogg said.
The Association of Asia Pacific Airlines earlier this year called on the region’s aviation industry to co-operate on strengthening cyber-security as increasing digital connectivity makes it a bigger target for hackers.
