Cathay Pacific has uncovered ‘unauthorised access’ to its systems that includes the data of up to 9.4 million passengers.
The airline says it discovered the breach during ‘ongoing IT security processes’ and took ‘immediate action’ to investigate and contain the incident.
It says it has not found any evidence that the information obtained by the hackers has been misused.
Data obtained in the breach include passenger names, nationalities, dates of birth, phone numbers, email addresses, passport numbers, identity card numbers, frequent flyer programme membership numbers, customer service remarks and historical travel information.
In addition, Cathay Pacific admits that 403 expired credit card numbers were accessed, as well as 27 card numbers without CVVs. It says the combination of information accessed varies for each passenger affected.
The airline is advising anyone who thinks they may be affected by the incident to visit infosecurity.cathaypacific.com or contact the airline directly.
Rupert Hogg, CEO of Cathay Pacific, said the airline is in the process of contacting all passengers affected by the incident.
Rupert Hogg, CEO of Cathay Pacific, said: “We are very sorry for any concern this data security event may cause our passengers. We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cyber security firm, and to further strengthen our IT security measures.
“We want to reassure our passengers that we took and continue to take measures to enhance our IT security. The safety and security of our passengers remains our top priority.”
Data security breaches in the travel industry have made international headlines recently, with British Airways revealing a breach on its website and mobile app, Uber being fined US$148 million for a 2017 hack and Air Canada warning customers to reset their mobile app passwords following a security incident.