Breach of Hong Kong-based airline compromises personal information of 9.4 million passengers.
Cathay Pacific, a major Asian airline based in Hong Kong, this week announced a data breach compromising the personal information of 9.4 million passengers – marking the largest breach affecting any airline to date, experts report.
Back in March 2018, airline staff discovered unauthorized access to some of its information systems containing passenger data. Cathay confirmed customer data was exposed in May; since then, it has been taking steps to confirm who and what was compromised. Hong Kong police and relevant authorities have been notified, the carrier says.
The combination of data accessed varies from victim to victim. Attackers got hold of passengers' names, nationalities, birthdates, phone numbers, email and home addresses, passport numbers, identity card numbers, frequent flyer program membership numbers, customer service comments, and travel history information.
On top of that, Cathay reports 403 expired credit card numbers were exposed, as were 27 credit card numbers with no CVV. No passwords were compromised, it says, and it has not found any evidence indicating personal data was misused. Affected systems are unrelated to flight operations, it says, so this incident has had no effect on flight safety.
This isn't the first time attackers have targeted an airline. Last month British Airways issued an apology for a severe data breach that compromised credit card information and personal data belonging to 380,000 passengers.
Read more details here.
Black Hat Europe returns to London Dec 3-6 2018 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024