Millions of passengers affected by major data leaks

An international data leak will affect around 9.4 million Cathay Pacific passengers.

Airline reels after data breach

An international leak of passport information and credit card details will affect around 9.4 million Cathay Pacific passengers, says the airline.

Passport numbers, identity card numbers, frequent flyer membership numbers, customer service comments and passengers’ past travel information have been stolen.

The security breach has also exposed passenger names, nationalities, dates of birth, phone numbers, email addresses and home addresses. 

Cathay Pacific has set up a helpline for any past passengers to seek clarification as to whether their data was leaked.

It has also launched an investigation after discovering unauthorised access to systems containing passenger data.

“We are in the process of contacting affected passengers, using multiple communications channels, and providing them with information on steps they can take to protect themselves,” said Cathay Pacific chief executive officer Rupert Hogg.

“We have no evidence that any personal data has been misused.”

Mr Hogg said the airline was “very sorry for any concern this data security event may cause our passengers”.

“We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures,” he said.

It is unknown how many Australian travellers were affected.

Cathay Pacific recommends any past passengers update passwords for Cathay apps and accounts.

The airline will send emails to anyone affected by the data security breach from the address infosecurity@cathaypacific.com.

If you are worried that your information may have been leaked, you can contact Cathay Pacific via an online inquiry form. More information on the data breach can be at www.cathaypacific.com.

In other news, British Airways (BA) has been busy contacting customers to notify them about personal data being stolen in a September 2018 hack that exposed 380,000 BA customers’ personal information and credit card details.

While the “sophisticated, malicious attack” last month was already considered serious, BA has admitted it was much more extensive than initially thought.

Described by BA chief Alex Cruz at the time as “a very sophisticated, malicious attack”, cyber criminals obtained the personal and financial details of customers who made direct bookings on the BA website or app.

“The investigation has shown the hackers may have stolen additional personal data and we are notifying the holders of 77,000 payment cards, not previously notified, that the name, billing address, email address, card payment information, including card number, expiry date and CVV have potentially been compromised, and a further 108,000 without CVV,” stated British Airways.

“The potentially impacted customers were those only making reward bookings between 21 April and 28 July, 2018, and who used a payment card.”

British Airways has been working with specialist cyber forensic investigators and Britain’s National Crime Agency to investigate the data theft.

“While we do not have conclusive evidence that the data was removed from British Airways’ systems, we are taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution," says the airline.

“We are very sorry that this criminal activity has occurred. As we have been doing, we will reimburse any customers who have suffered financial losses as a direct result of the data theft and we will be offering credit rating monitoring, provided by specialists in the field, to any affected customer who is concerned about an impact to their credit rating.”

Have you flown with Cathay Pacific or British Airways? Have you seen any evidence that your information has been compromised?

RELATED ARTICLES





    COMMENTS

    To make a comment, please register or login
    MICK
    3rd Nov 2018
    9:26am
    This story simply reinforces why you should NEVER divulge all your information online. I try as much as possible to avoid having things like credit card numbers kept on a database and find the demands from airlines for passport information concerning as identity fraud is often the result of sensitive information like this getting into the hands of criminals.
    Karl Marx
    3rd Nov 2018
    11:12am
    Typical PR comment “We have no evidence that any personal data has been misused.” what a crock as how would they know. Identity theft & fraud is on the rise but I feel a lot of companies don't update their security systems & protocols as often as they should probably due to cost saving measures.
    GrayComputing
    3rd Nov 2018
    9:05pm
    Cyber security lesson 101
    (1) There are no 100% secure computers and phones (hardware) in the entire world
    (2) There are no 100% secure OS (software) in this entire world
    (3) No government on the planet is really interested in providing you with 1 + 2
    (4) Re-read 1+2+3 until you understand the implications of all of us living in a totally unsecure cyber world
    Karl Marx
    3rd Nov 2018
    10:07pm
    with total control over us by big brother & multi corporations
    SuziJ
    3rd Nov 2018
    11:39pm
    With BA, instead of paying for your fares by card, you can ask for an EFT transfer payment option. They'll then send you an e-mail with their banking details and a reference number.

    In the e-mail from the bank, the only information to BA is the booking reference number, name of payer, and the amount paid.

    Then, your credit or debit card details are not on any system.


    Join YOURLifeChoices, it’s free

    • Receive our daily enewsletter
    • Enter competitions
    • Comment on articles