In a notice, the airline said it would reach out to members of its Marco Polo Club, Asia Miles, and registered users. Otherwise, people who are worried about whether they have been hit should fill in an enquiry form.
Cathay said that passenger details including name, nationality, date of birth, phone number, email address, passport number, identity card number, frequent flyer membership number, customer service remarks, and historical travel information could have been accessed.
In its statement [PDF] to the exchange, Cathay said 860,000 passport numbers and approximately 245,000 Hong Kong identity card numbers were accessed.
A small number of credit card numbers, 403 in total, were accessed, as well as 27 cards with no CVV.
"The combination of data accessed varies for each affected passenger," Cathay Pacific said.
"No one's travel or loyalty profile was accessed in full, and no passwords were compromised."
The airline said it would be offering ID monitoring services where possible, and has not seen evidence of the accessed information being misused.
"If you have been contacted directly, we recommend you contact your bank or credit card company to seek their advice," Cathay added.
The company said it had discovered suspicious activity on its network in March, and took "immediate action", with the breach confirmed in May.
"Since that time, analysis of the data has continued in order to identify affected individuals and to determine whether the data at issue could be reconstructed," it said.