HONG KONG • Cathay Pacific Airways has said that data of about 9.4 million passengers of Cathay and its unit Hong Kong Dragon Airlines had been accessed without authorisation.
Cathay said yesterday that about 860,000 passport numbers, 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value were accessed in the breach.
The company said it initially discovered suspicious activity on its network in March and investigations in early May confirmed that certain personal data had been accessed, Reuters reported.
Accessed data includes names of passengers, their nationalities, dates of birth, telephone numbers, e-mail and physical addresses, passport and identity card numbers and historical travel information, the company said.
It added that the Hong Kong police had been notified about the breach and that there is no evidence that any personal information has been misused.
The incident follows a string of data breaches which had hit prominent organisations in recent months.
British Airways apologised early last month after the credit card details of hundreds of thousands of its customers were stolen over a two-week period in the most serious attack on its website and app.
The airline discovered on Sept 5 that bookings made between Aug 21 and Sept 5 had been infiltrated in a "very sophisticated, malicious criminal" attack, its chairman and chief executive Alex Cruz said. It immediately contacted customers when the extent of the breach became clear, Reuters reported.
About 380,000 card payments were compromised, the airline said, with hackers obtaining names, street and e-mail addresses, and credit card numbers, expiry dates and security codes - sufficient information to steal from accounts.
In July, Thailand's Krung Thai Bank and Kasikornbank said their systems were hacked, exposing client information, but reported no financial damage and pledged to tighten up cyber security.