Cathay Pacific has revealed details of a massive hack that has seen the personal data of nearly 10 million of its customers stolen.
The major international airline, which operates out of Hong Kong and flies to seven U.S. cities, said on Wednesday, October 24 that it had discovered unauthorized access “to some of its information systems containing passenger data of up to 9.4 million people.”
The security breach is notable not only for the large number of people affected, but also for the broad range of personal data that was accessed by the hackers, specifically; passenger name, nationality, date of birth, phone number, email, address, passport number, identity card number, frequent flyer program membership number, customer service remarks, and historical travel information.
In addition, 403 expired credit card numbers were also accessed, as well as 27 credit card numbers with no CVV (a card’s security code).
The airline, which is now contacting affected customers, added that the hacked I.T. systems “are totally separate from its flight operations systems, and there is no impact on flight safety.”
At this stage, there’s no evidence that the stolen data has been misused in any way, but anyone keen to follow developments or contact the company can visit this Cathay Pacific webpage dedicated to the incident.
We have discovered unauthorised access to some of our passenger data. For Data Security Event support, please DM @cxinfosec for assistance.
— Cathay Pacific (@cathaypacific) October 24, 2018
Cathay Pacific CEO Rupert Hogg said the company is “very sorry for any concern this data security event may cause our passengers.”
Hogg promised that the airline “acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our I.T. security measures.”
The CEO added: “We are in the process of contacting affected passengers, using multiple communications channels, and providing them with information on steps they can take to protect themselves.”
The airline said that although no one’s travel or loyalty profile was accessed in full and no passwords were compromised, it nevertheless recommends that customers consider changing their passwords regularly, while also checking for any suspicious activity on their various accounts, while also being vigilant against phishing or other attempted scams.
The hack comes just a month after British Airways revealed hackers had nabbed personal data belonging to 380,000 of its customers. But the size and scope of this most recent hack raises serious questions about how Cathay Pacific stored its customer data and what kind of security systems the company had in place to protect it.