A hack on Cathay Pacific’s information system exposed the personal data of up to 9.4 million people, the airline announced today.

Unauthorised access was made to a database containing passengers’ name, nationality, date of birth, phone number, email, address, passport number, identity card number, frequent flyer programme membership number, customer service remarks, and historical travel information.

Cathay Pacific said the combination of data accessed varied for each passenger.

It said it had notified Hong Kong Police and was contacting other relevant authorities, and had so far found “no evidence that any personal information has been misused.”

In addition, 403 expired credit card numbers were accessed while twenty-seven credit card numbers with no CVV were accessed.

The airline said the data breach had no impact on flight safety.

“We are very sorry for any concern this data security event may cause our passengers. We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures,” Cathay Pacific Chief Executive Officer Rupert Hogg said in a statement.

“We are in the process of contacting affected passengers, using multiple communications channels, and providing them with information on steps they can take to protect themselves. We have no evidence that any personal data has been misused. No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised.”

Anyone who believes they may be affected can contact Cathay Pacific in the following ways:

  • Via this website, which provides information about the event and what to do next
  • Via a call centre available after 12:30/25OCT (GMT+8) (toll free numbers are available on infosecurity.cathaypacific.com)
  • By emailing Cathay Pacific at [email protected]

Last month British Airways announced the theft of customer data from its website, with around 380,000 financial transactions believed to have been compromised.