Cathay Pacific, the Hong Kong-based international airline, announced Wednesday that its computer system had been compromised at least seven months ago, revealing the personal data and travel histories of up to 9.4 million people.
The Break Information on private users, including phone numbers, birth dates, frequent flyer membership numbers and passport and government ID numbers, as well as information about past trips by passengers. The airline said that 27 credit card numbers – but not their corresponding security codes – had been received, as well as 403 expired credit card numbers.
"The safety of our passengers remains a top priority," said Rupert Hogg
As Asia's economic power has grown over the past 50 years, Cathay has become a major carrier in the region for its worldwide Customer service is known. Last year, it carried nearly 35 million passengers to around 200 destinations in more than 50 countries or territories. But the vulnerability has come at a difficult time for the company, which owns state-owned Air China as a major shareholder.
Cathay faces growing competition from low-cost carriers and other emerging competitors in the region over the last two years. His shares fell on Thursday in Hong Kong.
Airlines are lush targets for hackers, with their vast stores of information not only about people's identities and credit cards, but also where they were.
In an era other than Washington and other global capitals, data protection issues have come to the fore, Cathay infringement is not characterized by scale. The airline said in an application to the Hong Kong Stock Exchange that approximately 860,000 passport numbers and 245,000 Hong Kong ID cards had been disclosed. By contrast, the vulnerability that Facebook discovered last month was affecting 50 million user accounts.
Yet, the types of information that Cathay's systems have compromised could be particularly useful for malicious agents. Names, birthdays, itineraries and passport details could be used to reset passwords or obtain private financial information.
Last month, British Airways said that criminals had stolen data about persons flying on their website or app during about two weeks in August and September. This security breach revealed personal and financial details, the airline said, but no travel or passport information.
Delta Air Lines earlier this year said it had uncovered information about customer payments following a security breach in a company that has provided online chat services. In this case, customer passport data was not compromised, said Delta.