SINGAPORE: Cathay Pacific Airways on Wednesday (Oct 24) said that it has discovered unauthorised access to some of its information system containing the passenger data of up to 9.4 million people.
The company said it initially discovered suspicious activity on its network in March 2018 and investigations in early May confirmed that certain personal data had been accessed.
It has notified the Hong Kong police and relevant authorities.
Personal data accessed included "passenger name, nationality, date of birth, phone number, email, address, passport number, identity card number, frequent flyer programme membership number, customer service remarks and historical travel information," said the company.
Cathay said 860,000 passport numbers and about 245,000 Hong Kong identity card numbers were accessed, along with 403 expired credit card numbers and 27 credit card numbers with no Card Verification Value (CVV).
"The combination of data accessed varies for each affected passenger," said the company.
It added that it had "no evidence" any of the personal data had been misused.
"Upon discovery, the company took immediate action to investigate and contain the event," it said. "The company has no evidence that any personal information has been misused."
"The IT systems affected are totally separate from its flight operations systems, and there is no impact on flight safety."
The company is in the process of contacting affected passengers, said Cathay Pacific CEO Rupert Hogg.
“We have no evidence that any personal data has been misused," he added. "No one’s travel or loyalty profile was accessed in full, and no passwords were compromised.”
He apologised for the incident and the concern it might have caused passengers.
"We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures," he added.
Anyone who thinks they may have been affected can go to infosecurity.cathaypacific.com for more information.
News of Cathay's passenger data breach comes weeks after British Airways revealed that credit card details of hundreds of thousands of its customers were stolen over a two-week period.