Cathay Pacific has suffered a data breach that has compromised the personal information of 9.4 million passengers.
The breach saw 12 fields of data compromised including names, ID and passport numbers, frequent flyer information, contact details, and travel history.
“Upon discovery, the company took immediate action to investigate and contain the event,” says the carrier.
“The company has no evidence that any personal information has been misused. The IT systems affected are totally separate from its flight operations systems, and there is no impact on flight safety.”
Also accessed were 403 expired credit card numbers, and 27 credit card numbers that did not have any card verification value codes attached.
“We are very sorry for any concern this data security event may cause our passengers,” says chief executive Rupert Hogg.
“We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures.”
Cathay has contacted police and other authorities.
The Cathay data breach follows other high profile breaches in the industry. In September, British Airways disclosed that data covering 380,000 passenger transactions on ba.com and the company’s app between 21 August and 5 September were stolen.
On 30 August, Air Canada locked access to its mobile app, shutting out 1.7 million users, following a security breach that may have compromised some customers' personal information.