Cathay Pacific Airways Limited, the flag carrier of Hong Kong suffered a major Data Security breach. This Data Security Event is the worst damaging cyber attack ever to hit an airline. The theft compromised highly sensitive information of 9.4 million customers. Out of this total number 3, 80,000 passenger’s financial details were stolen.
The compromised data include:
- Personal Data: Passenger Name, Date of Birth, Nationality, passport number, Identity Card Number, Address, Email, Phone Number, customer service remarks, frequent flyer programme membership number, Historical travel information
- Credit Card Details:
- 403 expired Credit card Numbers,
- 27 Credit cards with no CVV
Information stolen varies from passenger to passenger.
Modus Operandi on the scam revels that:
- Loyalty profile of none of the passenger was accessed in full.
- No passwords have been compromised.
- Also, there are no evidences of misuse of personal information of any passenger.
There is no information regarding the financial compensation for the passengers affected by the data leak.
Cathay Pacific data breach revealed that the suspicious activity on its network was detected in March 2018. Investigations were conducted in early May that confirmed the personal data of certain passengers were accessed.
In a bid to gain user’s eroding confidence in the airlines’ cyber security, the airline claims:
- To take stringent measures to enhance airline’s IT security.
- That there is no impact on flight safety measures as the IT system setup is totally isolated from its flight operations systems.
The investigation on the matter is still in progress and those affected by the breach will be informed by an email sent from [email protected] email address. However this notification is restricted to registered users or members of the Marco Polo Club and Asia Miles. Users who are suspicious about their data can raise the concern with the airline.
Remedial steps to secure your data
- Consider changing your password of credit cards or debit cards.
- If possible get your cards replaced.
- Monitor card reports for unauthorized any unauthorized activity.