Names, addresses, birthdays, ID, passport numbers, and even travel history are just some of the personal details hackers were able to gain access to when the Cathay Pacific Airways Ltd. was compromised.
The Hong Kong-based carrier disclosed the breach that it said happened in March only at the stock exchange filing on Wednesday. It also confirmed the unauthorized access to its customers’ data in May, according to a Bloomberg report.
“We are very sorry for any concern this data security event may cause our passengers,” said Rupert Hogg, chief executive officer of Cathay Pacific in the statement posted on the carrier’s website. “We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures.”
The carrier added that it finds no evidence that accessed personal data were misused. “The IT systems affected are totally separate from its flight operations systems, and there is no impact on flight safety.”
The hackers were also able to gain access to 403 expired credit card numbers and 27 credit card numbers with no CVV.
Cathay Pacific is the third airline this year that reported a data breach following British Airways Plc and Delta Air Lines Inc.
Hogg also assured passengers that “no passwords were compromised.” He added that the carrier is in the process of contacting affected passengers and has notified the Hong Kong Police and “relevant authorities.”
The following personal data was accessed: passenger name; nationality; date of birth; phone number; email; address; passport number; identity card number; frequent flyer programme membership number; customer service remarks; and historical travel information.
The carrier advised its passengers who feel that they may have been affected by the breach to contact Cathay Pacific through a dedicated website. They can also send an email to firstname.lastname@example.org or call through the numbers on the website.
“We want to reassure our passengers that we took and continue to take measures to enhance our IT security, Hogg said. “The safety and security of our passengers remain our top priority.”
He said that as soon as they discovered the breach, they acted on it immediately and strengthened their security measures.