2018 has already seen several major airlines suffering data security breaches. Recently, I’ve written about:
- In August, Air Canada forced all users to change their app passwords, following the theft of a relatively small amount of passenger data (about 20,000 people were impacted)
- In September, British Airways suffered a huge data breach, with almost 400,000 customers affected (I was one of them)
This is now happening monthly, and Cathay Pacific is the latest to be targeted.
The BBC is reporting that almost 10 million Cathay Pacific passengers were affected, with a range of information stolen, including:
- dates of birth
- passport numbers
- (expired) credit card details
- email addresses
Almost one million passport numbers alone were stolen, along with almost a quarter of a million Hong Kong identity cards.
Cathay Pacific has said that no passwords were stolen, so passwords will not need to be reset like in the Air Canada incident. This information was apparently stolen back in May, but Cathay has said they did not want to notify anyone affected back then as they didn’t want to scare anyone unnecessarily as they investigated the full extent of the breach.
Rupert Hogg, Cathay’s CEO, said of the incident:
We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures. We are very sorry for any concern this data security event may cause our passengers.
Cathay Pacific is currently contacting affected passengers, presumably to reassure them their personal information will no be misused. Theft of personal information can be used in identity fraud, where a fraudster uses this stolen information to build a fake profile of someone to then use that identity for their own financial gain, such as applying for a credit card.
Cathay Pacific shares dropped 6% following news of the data breach, a nine year low.
These data breaches are now occurring monthly to some of the biggest airlines in the world. You would assume Air Canada, British Airways and Cathay Pacific would have industry leading information security controls.
I’m not a cyber security expert but based on the attacks of the last few months would expect them to continue.
If you think you may have been affected by the Cathay Pacific breach they have established a special website here.
Have you ever had your personal information compromised?