Cathay Pacific, one of the main airlines in Hong Kong, says records on as many as 9.4 million passengers may have been stolen in a data breach.
The airline said in a statement Wednesday that there was “no evidence” that passenger data had been misused, but warned that passenger names, dates of birth, nationalities, phone numbers, email and postal addresses, and passport and identity card numbers may have been taken. Historical travel information and remarks made by customer service was also accessed.
A little over 400 expired credit card numbers were accessed, including 27 credit card numbers without verification numbers.
No passwords were taken in the breach, the company said.
The company said that it first identified unauthorized access to its systems in March, but didn’t say why it took more than six months to reveal the breach publicly. The company didn’t immediately respond to a request for comment outside business hours. Details were light on what led to the breach, but that the affected systems are “totally separate from our reservation and flight operations systems.”
The company said it “took immediate action” to contain the event, and notified Hong Kong police and other authorities of the incident.
Chief executive Rupert Hogg apologized for the breach. “We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures,” he said.
The airline is one of the largest and oldest airlines around, jetting more than 30 million passengers around the world each year.
It’s the second airline security incident this year. British Airways admitted a website and app breach earlier this year, which security researchers later found was caused by credit card skimming malware injected on its site.
Source TechCrunch https://ift.tt/2qacisY