[BreachExchange] Cathay Pacific flags data breach affecting 9.4 million passengers

Destry Winant destry at riskbasedsecurity.com
Wed Oct 24 15:44:18 EDT 2018


(Reuters) - Cathay Pacific Airways Ltd said on Wednesday that data of
about 9.4 million passengers of Cathay and its unit Hong Kong Dragon
Airlines Limited had been accessed without authorization.

Cathay said 860,000 passport numbers, about 245,000 Hong Kong identity
card numbers, 403 expired credit card numbers and 27 credit card
numbers with no card verification value (CVV) were accessed in the

“We are very sorry for any concern this data security event may cause
our passengers,” Cathay Pacific Chief Executive Rupert Hogg said in a

“We acted immediately to contain the event, commence a thorough
investigation with the assistance of a leading cybersecurity firm, and
to further strengthen our IT security measures.”

Hogg said no passwords were compromised in the breach and the company
was contacting affected passengers to give them information on how to
protect themselves.

Cathay Pacific was not immediately available for additional comment
outside normal business hours.

The company said it initially discovered suspicious activity on its
network in March 2018 and investigations in early May confirmed that
certain personal data had been accessed.

News of Cathay's passenger data breach comes weeks after British
Airways revealed that credit card details of hundreds of thousands of
its customers were stolen over a two-week period.(reut.rs/2oUTNrU)

Cathay in a statement said accessed data includes names of passengers,
their nationalities, dates of birth, telephone numbers, email and
physical addresses, passport numbers, identity card numbers and
historical travel information.

It added that the Hong Kong Police had been notified about the breach
and that there is no evidence that any personal information has been

More information about the BreachExchange mailing list