Cathay Pacific data breach hits 9.4 million people

Passport details such as name, nationality, date of birth, and passport number were accessed, with the airline only reaching out to its frequent flyers and registered users.
Written by Chris Duckett, Contributor

Hong Kong-based airline Cathay Pacific informed the Hong Kong stock exchange of a data breach late on Wednesday night that could affect 9.4 million people.

In a notice, the airline said it would reach out to members of its Marco Polo Club, Asia Miles, and registered users. Otherwise, people who are worried about whether they have been hit should fill in an enquiry form.

Cathay said that passenger details including name, nationality, date of birth, phone number, email address, passport number, identity card number, frequent flyer membership number, customer service remarks, and historical travel information could have been accessed.

In its statement [PDF] to the exchange, Cathay said 860,000 passport numbers and approximately 245,000 Hong Kong identity card numbers were accessed.

A small number of credit card numbers, 403 in total, were accessed, as well as 27 cards with no CVV.

"The combination of data accessed varies for each affected passenger," Cathay Pacific said.

"No one's travel or loyalty profile was accessed in full, and no passwords were compromised."

The airline said it would be offering ID monitoring services where possible, and has not seen evidence of the accessed information being misused.

"If you have been contacted directly, we recommend you contact your bank or credit card company to seek their advice," Cathay added.

The company said it had discovered suspicious activity on its network in March, and took "immediate action", with the breach confirmed in May.

"Since that time, analysis of the data has continued in order to identify affected individuals and to determine whether the data at issue could be reconstructed," it said.

Related Coverage

Yahoo agrees to pay $50 million to settle data breach lawsuit

The company will also provide free credit monitoring services to roughly 200 million people impacted by the cyberattacks.

Hackers steal data of 75,000 users after Healthcare.gov FFE breach

CMS officials says open enrollment period won't be negatively impacted by recent breach.

Anthem agrees to pay $16 million in data breach privacy settlement

The insurer will shell out to settle a privacy violations case issued by the US government.

Uber to pay $148 million in settlment over 2016 data breach and cover-up

The nationwide settlement agreement also requires Uber to implement better data protection policies.

UK watchdog has not issued any GDPR data breach-related fines yet

UK official says ICO has been receiving 500 calls a week to the agency's breach reporting line since May 25, the day the new GDPR regulation entered into effect.

Top 5 ways to maximize customer data security (TechRepublic)

Customers are starting to get the message that their data is valuable. Tom Merritt offers five suggestions to ensure your customers' data isn't vulnerable to attack.

(Image: Estial Photography)
Editorial standards