Cathay Pacific, a major Asian airline based in Hong Kong, this week announced a data breach compromising the personal information of 9.4 million passengers – marking the largest breach affecting any airline to date, experts report.
Back in March 2018, airline staff discovered unauthorized access to some of its information systems containing passenger data. Cathay confirmed customer data was exposed in May; since then, it has been taking steps to confirm who and what was compromised. Hong Kong police and relevant authorities have been notified, the carrier says.
The combination of data accessed varies from victim to victim. Attackers got hold of passengers' names, nationalities, birthdates, phone numbers, email and home addresses, passport numbers, identity card numbers, frequent flyer program membership numbers, customer service comments, and travel history information.
On top of that, Cathay reports 403 expired credit card numbers were exposed, as were 27 credit card numbers with no CVV. No passwords were compromised, it says, and it has not found any evidence indicating personal data was misused. Affected systems are unrelated to flight operations, it says, so this incident has had no effect on flight safety.
This isn't the first time attackers have targeted an airline. Last month British Airways issued an apology for a severe data breach that compromised credit card information and personal data belonging to 380,000 passengers.
Read more details here.
Black Hat Europe returns to London Dec 3-6 2018 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.