Skip to main content

Cathay Pacific suffers major data breach

(Image credit: Image Credit: Balefire / Shutterstock)

Personal information from roughly 9.4 million Cathay Pacific passengers has been compromised, the airline confirmed this Thursday (opens in new tab)

The breached data includes names of passengers, their nationalities, dates of birth, telephone numbers, email, physical addresses, passport numbers, identity card numbers, frequent flyer programme membership numbers, customer service remarks and historical travel information.

However, Cathy Pacific confirmed that no passwords were compromised, although 403 expired credit card numbers and 27 credit card numbers with no CVV were accessed, as well as some 860,000 passport numbers, and 245,000 ID card numbers In Hong Kong.

The airline was quick to apologise for any inconvenience caused, and added that there was no evidence that the data had been misused.

"We are very sorry for any concern this data security event may cause our passengers," the airline's chief executive Rupert Hogg said in a statement. "We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures," Mr Hogg said.

The breach happened, and was spotted, in March this year, and was confirmed by the airline in May following a thorough investigation with an unnamed cybersecurity company.

Cathay Pacific is now notifying affected passengers, the Hong Kong police and other ‘relevant authorities’.

“As sophisticated and well-funded threat actors adapt quickly to new security measures, trying to protect customer data has become an exhausting process," said Peter Carlisle, VP EMEA, Thales eSecurity. "But the best defence in cybersecurity is a proactive one. It’s simply not acceptable that any organisation, especially one of this size, was not protecting all of its data so that it was secured against any kind of attack."

Image Credit: Balefire / Shutterstock

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.