One of Asia’s top airlines, Cathay Pacific said Wednesday that it has discovered “unauthorized access” to the personal data of approximately 9.4 million passengers. The company said it initially discovered suspicious activity on its network in March 2018.
Unauthorized access to certain personal data was confirmed in early May 2018, Since that time, analysis of the data has continued in order to identify affected individuals and to determine whether the data at issue could be reconstructed, according to the airline.
The stolen data include the names of passengers, their nationalities, dates of birth, telephone numbers, email, physical addresses, passport numbers, identity card numbers, frequent flyer program, membership numbers, customer service remarks and historical travel information.
In addition, 403 expired credit card numbers and 27 credit card numbers with no CVV were accessed. The information accessed varies between passengers. No travel or loyalty profiles were accessed in full and no passwords were compromised, according to the airline.
Approximately 860,000 passport numbers and approximately 45,000 Hong Kong identity card numbers were accessed, the airline stated.
Upon discovery, the company said it took immediate action to contain the event, and to commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen its information system security measures.