An international leak of passport information and credit card details will affect around 9.4 million Cathay Pacific passengers, says the airline.
Passport numbers, identity card numbers, frequent flyer membership numbers, customer service comments and passengers’ past travel information have been stolen.
The security breach has also exposed passenger names, nationalities, dates of birth, phone numbers, email addresses and home addresses.
Cathay Pacific has set up a helpline for any past passengers to seek clarification as to whether their data was leaked.
It has also launched an investigation after discovering unauthorised access to systems containing passenger data.
“We are in the process of contacting affected passengers, using multiple communications channels, and providing them with information on steps they can take to protect themselves,” said Cathay Pacific chief executive officer Rupert Hogg.
“We have no evidence that any personal data has been misused.”
Mr Hogg said the airline was “very sorry for any concern this data security event may cause our passengers”.
“We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures,” he said.
It is unknown how many Australian travellers were affected.
Cathay Pacific recommends any past passengers update passwords for Cathay apps and accounts.
The airline will send emails to anyone affected by the data security breach from the address email@example.com.
In other news, British Airways (BA) has been busy contacting customers to notify them about personal data being stolen in a September 2018 hack that exposed 380,000 BA customers’ personal information and credit card details.
While the “sophisticated, malicious attack” last month was already considered serious, BA has admitted it was much more extensive than initially thought.
Described by BA chief Alex Cruz at the time as “a very sophisticated, malicious attack”, cyber criminals obtained the personal and financial details of customers who made direct bookings on the BA website or app.
“The investigation has shown the hackers may have stolen additional personal data and we are notifying the holders of 77,000 payment cards, not previously notified, that the name, billing address, email address, card payment information, including card number, expiry date and CVV have potentially been compromised, and a further 108,000 without CVV,” stated British Airways.
“The potentially impacted customers were those only making reward bookings between 21 April and 28 July, 2018, and who used a payment card.”
British Airways has been working with specialist cyber forensic investigators and Britain’s National Crime Agency to investigate the data theft.
“While we do not have conclusive evidence that the data was removed from British Airways’ systems, we are taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution,” says the airline.
“We are very sorry that this criminal activity has occurred. As we have been doing, we will reimburse any customers who have suffered financial losses as a direct result of the data theft and we will be offering credit rating monitoring, provided by specialists in the field, to any affected customer who is concerned about an impact to their credit rating.”
Have you flown with Cathay Pacific or British Airways? Have you seen any evidence that your information has been compromised?