On Wednesday, October 24, 2018, Cathay Pacific announced that the organisation had discovered a data breach of information systems containing passenger data of up to 9.4 million people. The company claims that it took immediate action upon discovery to contain the event. The company at this point believes it has no evidence that personal data of any of the passengers have been misused. The airline has also made a clarification about the isolation of their IT systems from that of their flight operations and categorically stated that there is no risk to those flying.
Cathay Pacific Chief Executive Officer Rupert Hogg said via a press release, “We are very sorry for any concern this data security event may cause our passengers. We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures.
“We are in the process of contacting affected passengers, using multiple communications channels, and providing them with information on steps they can take to protect themselves. We have no evidence that any personal data has been misused. No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised.”
Personal data including passenger name, nationality, date of birth, phone number, email, passport number, identity card number, frequent flyer programme membership number, customer service remarks and historical travel information were compromised by the hack.
In addition to the aforementioned personal data, 403 expired credit card numbers were obtained along with 27 functional ones without their CVV. The combinations of data accessed follow no specific pattern and are hence different for each affected passenger.
The airline has notified the Hong Kong police and other relevant authorities.
Those who believe they may be affected can contact Cathay Pacific in the following ways:
- Via the dedicated website – infosecurity.cathaypacific.com – which has information on the hack and steps to be taken.
- Via Cathay Pacific’s dedicated call centre available after 12:30/25OCT (GMT+8) (toll free numbers are available on infosecurity.cathaypacific.com)
- Email Cathay Pacific at firstname.lastname@example.org
Hogg added: “We want to reassure our passengers that we took and continue to take measures to enhance our IT security. The safety and security of our passengers remains our top priority.”