A few weeks ago British Airways revealed that they faced a sophisticated cyber attack where passenger data was stolen. Now, it turns out it is Cathay Pacific’s turn. Cathay Pacific late last night issued a statement that their IT systems were compromised. About 9.4 million accounts are affected by this Cathay Pacific data breach.
Hackers could’ve accessed personal data of 9.4 million passengers back in March 2018. Passenger name, nationality, date of birth, phone number, email, address, frequent flyer membership number, and historical travel information were some of the data points that they had access to. In addition to that, 860,000 passport numbers and 245,000 Hong Kong identity card numbers were compromised.
On the credit card front, 403 expired credit card numbers were accessed and so were 27 credit card numbers with no CVV numbers attached. If your credit card information was accessed in the breach, you will be contacted directly by the airline.
Cathay Pacific went public with this data breach. But the way they conveyed this information was insensitive and very cryptic. I mean what am I supposed to make out of this statement on Twitter?
We have discovered unauthorised access to some of our passenger data. For Data Security Event support, please DM @cxinfosec for assistance.
— Cathay Pacific (@cathaypacific) October 24, 2018
An awful way to make this work especially when sensitive information is at stake. Lawmakers in Europe are going to have a field day as the airline has violated the general Data Protection Regulation (GDPR) rules.
Cathay Pacific is in touch with the Hong Kong Police and the matter is under investigation. Meanwhile, the carrier is reaching out customers who may have been affected by the hack. If you feel your data might have been compromised, you can write to Cathay.
While the occurrence of the breach is not very surprising, what is concerning is the way Cathay Pacific is handling this. Though the airline has categorically denied any misuse of passenger information, I honestly don’t think one can keep a tab on the whole world wide web to make such a claim.
Are you in trouble for having flown Cathay Pacific? What is your sense of the problem?