Hong Kong, Oct 25: Hong Kong flag carrier Cathay Pacific announced on Thursday that it has discovered a data breach earlier this year in which the personal information of more than 9 million passengers may have been stolen.
The airline said that a wide range of data, including passengers’ names, dates of birth, phone numbers, email addresses and passport numbers, was exposed in a hack of its information systems earlier this year, CNN reported.
“We are very sorry for any concern this data security event may cause our passengers,” CEO Rupert Hogg said in a statement.
The Hong Kong-based carrier is in the process of contacting affected people, he added.
The hackers who hit Cathay gained access to 27 credit card numbers but without the cards’ security codes, and another 403 expired credit card numbers, according to the airline.
It said it has “no evidence that any personal data has been misused”, adding that “no passwords were compromised”.
Cathay said it first discovered “suspicious activity” on its network in March and “took immediate action to contain the event” and investigate it with the help of a cybersecurity firm.
It confirmed in May that personal data had been compromised and has since been analysing the data to identify which passengers were affected.
Cathay shares slumped more than 5 per cent in morning trading in Hong Kong on Thursday following the disclosure of the breach, CNN said.
The company has notified police in Hong Kong. It has also set up a dedicated website, infosecurity.cathaypacific.com, and call centre for customers who believe they may be affected.
The airline said the combination of data accessed by the hackers varied from passenger to passenger. It included roughly 860,000 passport numbers and 245,000 Hong Kong identity card numbers.
Cathay was ranked as the sixth best airline in the world this year by Skytrax, a London-based firm that provides advisory services for carriers and airports.
This is the latest data breach to hit a major international airline.
British Airways said last month that hackers stole the payment card details of 380,000 of its customers.