One of Asia’s top airlines, Cathay Pacific said Wednesday that it has discovered “unauthorized access” to the personal data of approximately 9.4 million passengers. The company said it initially discovered suspicious activity on its network in March 2018.

Unauthorized access  to  certain  personal  data  was  confirmed  in  early  May  2018, Since  that  time, analysis  of  the  data  has  continued  in  order  to  identify  affected  individuals  and  to determine whether the data at issue could be reconstructed, according to the airline.

The stolen data include the names of passengers, their nationalities, dates of  birth, telephone numbers,  email,  physical  addresses, passport numbers, identity  card  numbers, frequent flyer program, membership numbers, customer service remarks and historical travel information.

In addition, 403 expired credit card numbers and 27 credit card numbers with no CVV were accessed. The information accessed varies between passengers. No travel or loyalty profiles were accessed in full and no passwords were compromised, according to the airline.

Approximately 860,000 passport numbers and approximately 45,000 Hong Kong identity card numbers were accessed, the airline stated.

Upon discovery,  the company said it took immediate  action to contain the event, and to commence a thorough investigation with the assistance of a leading cybersecurity firm, and  to  further  strengthen  its  information  system  security  measures.