Personal information from roughly 9.4 million Cathay Pacific passengers has been compromised, the airline confirmed this Thursday.
The breached data includes names of passengers, their nationalities, dates of birth, telephone numbers, email, physical addresses, passport numbers, identity card numbers, frequent flyer programme membership numbers, customer service remarks and historical travel information.
However, Cathay Pacific confirmed that no passwords were compromised, although 403 expired credit card numbers and 27 credit card numbers with no CVV were accessed, as well as some 860,000 passport numbers and 245,000 ID card numbers in Hong Kong.
The airline was quick to apologise for any inconvenience caused, and added that there was no evidence that the data had been misused.
"We are very sorry for any concern this data security event may cause our passengers," the airline's chief executive Rupert Hogg said in a statement. "We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures," Mr Hogg said.
The breach happened, and was spotted, in March this year, and was confirmed by the airline in May following a thorough investigation with an unnamed cybersecurity company.
Cathay Pacific is now notifying affected passengers, the Hong Kong police and other ‘relevant authorities’.
"As sophisticated and well-funded threat actors adapt quickly to new security measures, trying to protect customer data has become an exhausting process," said Peter Carlisle, VP EMEA, Thales eSecurity. "But the best defence in cybersecurity is a proactive one. It's simply not acceptable that any organisation, especially one of this size, was not protecting all of its data so that it was secured against any kind of attack."