Incident of the Week: Cathay Pacific Data Breach Exposes Data of 9.4 Million Passengers
The breach was first discovered in March
Cathay Pacific, one of Hong Kong’s major international airlines, suffered a data breach affecting 9.4 million customers. The breach, announced Wednesday, was first discovered in March and officials confirmed in May that intruders had accessed its network.
Passengers’ names, nationalities, birth dates, phone numbers, emails, addresses, passport numbers and historical information were among the stolen information. The airline does not believe the compromised information has been used, and this particular computer network is not connected to flight operations, so it will not impact flight safety, the company said.
“We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures,” Cathay Pacific CEO Rupert Hogg said in a statement.
The airline is expected to face significant repercussions from EU regulators under the newly-enacted GDPR since it did not meet the time requirements for reporting the breach, and personal information of EU citizens was likely included, according to SC Magazine.
“We are in the process of contacting affected passengers, using multiple communications channels, and providing them with information on steps they can take to protect themselves,’’ Hogg said. “We have no evidence that any personal data has been misused. No one’s travel or loyalty profile was accessed in full, and no passwords were compromised.”
Companies doing business in the EU must report any data breach within 72 hours, so the airline could face fines and damage to its reputation, Randy Abrams, senior security analyst at Webroot, told SC Magazine.
The company said police in Hong Kong have been notified. It has also set up a dedicated website, infosecurity.cathaypacific.com, and call center for customers who believe they may be affected.
Cathay Pacific is not the first airline to suffer a data breach; both British Airways and Air Canada had their systems hacked earlier this year. Cathay Pacific was ranked the sixth top airline in the world this year by UK-based aviation industry reviewer Skytrax.