Cathay Pacific breach leaks up to 9.4m passengers' data

By

Unauthorised access known about since May.

Cathay Pacific has revealed a data breach in March exposed the information of up to 9.4 million passengers.

Cathay Pacific breach leaks up to 9.4m passengers' data

The airline said that details including “passenger name, nationality, date of birth, phone number, email, address, passport number, identity card number, frequent flyer programme membership number, customer service remarks and historical travel information were all “accessed”.

“In addition, 403 expired credit card numbers were accessed,” it said in a statement.

“Twenty-seven credit card numbers with no CVV were accessed. The combination of data accessed varies for each affected passenger.”

Cathay Pacific said it took “immediate action to investigate and contain the event” after uncovering it. 

However, it admits elsewhere that the breach occurred more than six months ago.

“We initially discovered suspicious activity on our network in March this year,” it said.

“Upon discovery, we took immediate action to contain the event, to commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures.

“Unauthorised access to certain personal data was confirmed in early May. Since that time, analysis of the data has continued in order to identify affected individuals and to determine whether the data at issue could be reconstructed.”

CEO Rupert Hogg said the airline had “no evidence that any personal data has been misused. No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised.”

Cathay Pacific said that “where possible, [it is] offering ID monitoring services” from Experian to affected passengers.

“This service monitors if your personal data may be available on public websites, chat rooms, blogs, and non-public places on the internet where data can be compromised such as dark web sites.”

The airline said it had called in a “leading cybersecurity firm” as well as Hong Kong police to investigate.

It has also set up a dedicated website – infosecurity.cathaypacific.com – for flyers who think they may have been impacted.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
data breachsecurity

Sponsored Whitepapers

Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom, Microsoft, and AMD Ryzen™ AI PCs
Futureproof Your Business with Datacom, Microsoft, and AMD Ryzen™ AI PCs
See everything. Do more.
See everything. Do more.

Events

Most Read Articles

Victoria's first government tech chief steps down

Victoria's first government tech chief steps down
SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift
NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?