The recent data breach of Cathay Pacific compromised more than 9.4 million passengers. Read on to know more about the latest data breach of Cathay Pacific…
Cathay Pacific, the Hong Kong-based international airline, has discovered a data breach in which the personal information of more than 9.4 million passengers may have been stolen. Cathay Pacific, acknowledged that its computer system had been compromised at least seven months ago, exposing the personal data and travel histories. Cathay Pacific said that a wide range of data including passengers’ names, dates of birth, phone numbers, email addresses and passport numbers was exposed in a hack of its information systems earlier this year.
“We are very sorry for any concern this data security event may cause our passengers,” CEO Rupert Hogg said in a statement. He said there was “no evidence” the information had been misused. The Hong Kong-based carrier is in the process of contacting affected people, he added. Hogg said that “We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures,”.
Cathay Pacific said it first discovered “suspicious activity” on its network in March and “took immediate action to contain the event” and investigate it with the help of a cybersecurity firm. It confirmed in May that personal data had been compromised and has since been analyzing the data to identify which passengers were affected.
Passport numbers, government ID numbers, email addresses, expired credit card details, dates of birth, frequent flier membership numbers, and travel history, were among the data leaked. The hackers who hit Cathay Pacific gained access to 27 credit card numbers but without the cards’ security codes, and another 403 expired credit card numbers, according to the airline. It said it has “no evidence that any personal data has been misused,” adding that “no passwords were compromised.”
Cathay Pacific said the combination of data accessed by the hackers varied from passenger to passenger. It included roughly 860,000 passport numbers and 245,000 Hong Kong identity card numbers.
When this new broke out, Cathay Pacific’s shares slumped more than 5% in morning trading in Hong Kong on following the disclosure of the breach.
Cathay Pacific has notified police in Hong Kong and has also set up a dedicated website, infosecurity.cathaypacific.com, and call center for customers who believe they may be affected.
Still, the types of information in Cathay Pacific’s systems that were compromised could be particularly useful to malicious agents. Names, birthdays, travel itineraries and passport details could be used to reset passwords or obtain private financial information.
Other Data Leaks
Cathay’s is latest embarrassing data breach to hit a major international airline. British Airways said last month that hackers stole the payment card details of 380,000 of its customers. British Airways said that criminals had stolen data on people who booked flights on its website or app during a roughly two-week period in August and September. That security breach exposed personal and financial details, the airline said, but not travel or passport information.
Air Canada app has suffered a data breach in August, resulting in the suspected loss of thousands of its customers’ personal details.
In April, Delta Airlines said credit card details of thousands of customers were exposed following a cyber-attack on a vendor. Delta Air Lines said that customer payment information had been exposed after a security breach at a company that provided online chat services for it. In that case, no customers’ passport details were compromised, Delta said.
Airlines are juicy targets for hackers, with their vast stores of information not only on people’s identities and credit cards, but also on where they have been.
In an era when issues of data protection have come to the fore in various parts of the globe, the Cathay Pacific breach does not stand out for its scale. By contrast, the security breach discovered by Facebook last month involved 50 million user accounts.