Another oneworld carrier has revealed details of a major data breach, with millions of passengers’ personal details stolen.
Cathay Pacific Airways has revealed that the data of up to 9.4 million of its passengers have been accessed without authorisation.
The Hong Kong-based carrier airline says it took immediate action to investigate and contain the event as soon as it was discovered and assures there is no evidence that any personal information has been misused.
The IT systems affected are separate from its flight operations systems, Cathay said, and there is no impact on flight safety. No travel or loyalty profile was accessed in full and no passwords were compromised, it added.
However, the oneworld member admits that the following areas of personal data were accessed: passenger name, nationality, date of birth, phone number, email, address, passport number, identity card number, frequent flyer programme membership number, customer service remarks and information on previous travel.
In addition, 403 expired credit card numbers were accessed in the breach, as well as 27 credit card numbers with no CVVs. The combination of data accessed varies according to each affected passenger.
News of the data breach comes just a month after Cathay’s oneworld partner British Airways revealed that the details of over 380,000 financial transactions were stolen.
“We are very sorry for any concern this data security event may cause our passengers,” Cathay Pacific CEO Rupert Hogg said in a statement.
“We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures.”
Cathay Pacific’s final flight between its Hong Kong base and Copenhagen, which opened for the summer on May 2, takes place tomorrow.