Sensitive personal details of up to 9.4 million passengers of Hong Kong airline Cathay Pacific have been compromised in a data leak.
The airline says information accessed without authorisation potentially includes customer names, nationalities, dates of birth, phone numbers, emails, addresses, passport numbers, ID card numbers, frequent flyer membership numbers, customer service remarks and historical travel information.
In addition, 403 expired credit card numbers were accessed, as well as 27 credit card numbers with no verification details.
The suspicious activity on the Cathay Pacific network was discovered in March, and the unauthorised access of customer data was confirmed in early May. It was announced on October 25.
However, Cathay Pacific Airways said it took immediate action to investigate the leak after the breach was identified by digital security processes.
In a statement, the company said flight safety was not affected because IT systems were separate from flight operations.
Cathay Pacific reassured customers it had “no evidence that any personal information has been misused”.
The airline did not respond to The New Daily‘s request for information about whether Australian customers were affected and, if so, how many. However, it has supplied an Australian helpline number (1800 567 515) for anyone who wants more information
“We are very sorry for any concern this data security event may cause our passengers,” Cathay Pacific chief Rupert Hogg said.
We are in the process of contacting affected passengers, using multiple communications channels, and providing them with information on steps they can take to protect themselves.
“No one’s travel or loyalty profile was accessed in full, and no passwords were compromised.”
What to do if you believe you have been affected
If you are concerned that you might have been affected, you can submit a request here and Cathay Pacific will tell you if it has identified that your personal data has been accessed.
More information can be found at infosecurity.cathaypacific.com or by contacting the airline on 1800 567 515 or at firstname.lastname@example.org.
All official emails relating to the data security incident will be sent from email@example.com.
Those with general identity theft concerns can contact ID Care.