Skip to main content

Hackers target major airline in data breach affecting nearly 10M customers

Cathay Pacific has revealed details of a massive hack that has seen the personal data of nearly 10 million of its customers stolen.

The major international airline, which operates out of Hong Kong and flies to seven U.S. cities, said on Wednesday, October 24 that it had discovered unauthorized access “to some of its information systems containing passenger data of up to 9.4 million people.”

Recommended Videos

The security breach is notable not only for the large number of people affected, but also for the broad range of personal data that was accessed by the hackers, specifically; passenger name, nationality, date of birth, phone number, email, address, passport number, identity card number, frequent flyer program membership number, customer service remarks, and historical travel information.

In addition, 403 expired credit card numbers were also accessed, as well as 27 credit card numbers with no CVV (a card’s security code).

The airline, which is now contacting affected customers, added that the hacked I.T. systems “are totally separate from its flight operations systems, and there is no impact on flight safety.”

At this stage, there’s no evidence that the stolen data has been misused in any way, but anyone keen to follow developments or contact the company can visit this Cathay Pacific webpage dedicated to the incident.

Cathay Pacific CEO Rupert Hogg said the company is “very sorry for any concern this data security event may cause our passengers.”

Hogg promised that the airline “acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our I.T. security measures.”

The CEO added: “We are in the process of contacting affected passengers, using multiple communications channels, and providing them with information on steps they can take to protect themselves.”

The airline said that although no one’s travel or loyalty profile was accessed in full and no passwords were compromised, it nevertheless recommends that customers consider changing their passwords regularly, while also checking for any suspicious activity on their various accounts, while also being vigilant against phishing or other attempted scams.

The hack comes just a month after British Airways revealed hackers had nabbed personal data belonging to 380,000 of its customers. But the size and scope of this most recent hack raises serious questions about how Cathay Pacific stored its customer data and what kind of security systems the company had in place to protect it.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Hacking-as-a-service lets hackers steal your data for just $10
A depiction of a hacker breaking into a system via the use of code.

A new (and cheap) service that offers hackers a straightforward method to set up a base where they manage and perform their cyber crimes has been discovered -- and it’s gaining traction.

As reported by Bleeping Computer, security researchers unearthed a program called Dark Utilities, effectively providing a command and control (C2) center.

Read more
Hacker steals 1 billion people’s records in unprecedented data breach
A depiction of a hacker breaking into a system via the use of code.

An anonymous hacker has stated that he has successfully infiltrated the Shanghai police department’s database. In doing so, he apparently extracted personal information of a staggering one billion Chinese citizens.

The individual, 'ChinaDan', took sole responsibility for the data breach. As reported by Reuters and PCMag, he detailed the incident on hacker forum Breach Forums.

Read more
Hackers targeted AMD to steal huge 450GB of top-secret data
A depiction of a hacker breaking into a system via the use of code.

A data extortion group known as RansomHouse has asserted that it has stolen upwards of 450GB of sensitive data from AMD.

Team Red has since confirmed that it launched an investigation into the matter after the situation came to light.

Read more