Cathay Pacific

The Cathay Pacific airline announced today that a system containing passenger data for up to 9.4 million passengers was breached by attackers. 

According to Cathay Pacific, suspicious activity was first detected in March, and when detected, an investigation was started with the help of a cyber security firm to determine how the attackers gained access to their systems and for assistance fixing the breach. As part of this investigation, they learned in May that attackers were able to gain access to systems that contained the personal data of up to 9.4 million passengers.

In a security notice, the airline has stated that the following information has been accessed:

"The following personal data was accessed: passenger name; nationality; date of birth; phone number; email; address; passport number; identity card number; frequent flyer programme membership number; customer service remarks and historical travel information.

In addition, 403 expired credit card numbers were accessed.  27 credit card numbers with no CVV were accessed.

The combination of data accessed varies for each affected passenger.

No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised. "

The company has also stated that they have no evidence that any of the personal information was misused, but then again it is not known how they would even know this.

For those who are affected by the breach, the airline will be sending out notifications from the infosecurity@cathaypacific.com email address. Cathay Pacific has stated that they are only sending emails to members of the Marco Polo Club and  Asia Miles or if you are a registered user affected by this breach. If you do not receive an email, but are concerned you are affected, you can create an inquiry to have the airline look into it.

Cathay Pacific has apologized for the breach and have stated that they will be strengthening their security measures.

“We are very sorry for any concern this data security event may cause our passengers," stated Cathay Pacific Chief Executive Officer Rupert Hogg. "We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures.

Anyone who was affected by this breach should immediately contact their credit card companies and potentially get a new card sent out. Victims should also monitor their credit reports for any unauthorized activity.

Related Articles:

INC Ransom threatens to leak 3TB of NHS Scotland stolen data

Apex Legends players worried about RCE flaw after ALGS hacks

Fujitsu found malware on IT systems, confirms data breach

AT&T says leaked data of 70 million people is not from its systems

French unemployment agency data breach impacts 43 million people