One of Asia’s top airlines has discovered a data breach in which the personal information of more than 9 million passengers may have been stolen.
Cathay Pacific (CPCAY) said late Wednesday that a wide range of data — including passengers’ names, dates of birth, phone numbers, email addresses and passport numbers — was exposed in a hack of its information systems earlier this year.
“We are very sorry for any concern this data security event may cause our passengers,” CEO Rupert Hogg said in a statement. The Hong Kong-based carrier is in the process of contacting affected people, he added.
It’s the latest embarrassing data breach to hit a major international airline. British Airways said last month that hackers stole the payment card details of 380,000 of its customers.
The hackers who hit Cathay gained access to 27 credit card numbers but without the cards’ security codes, and another 403 expired credit card numbers, according to the airline. It said it has “no evidence that any personal data has been misused,” adding that “no passwords were compromised.”
Cathay said it first discovered “suspicious activity” on its network in March and “took immediate action to contain the event” and investigate it with the help of a cybersecurity firm. It confirmed in May that personal data had been compromised and has since been analyzing the data to identify which passengers were affected.
Cathay shares slumped more than 5% in morning trading in Hong Kong on Thursday following the disclosure of the breach.
The company has notified police in Hong Kong. It has also set up a dedicated website, infosecurity.cathaypacific.com, and call center for customers who believe they may be affected.
The airline said the combination of data accessed by the hackers varied from passenger to passenger. It included roughly 860,000 passport numbers and 245,000 Hong Kong identity card numbers.
Cathay was ranked as the sixth best airline in the world this year by Skytrax, a London-based firm that provides advisory services for carriers and airports.