Aftermath of the Data Breach: Cathay Pacific Customers Losing Confidence

Cathay Pacific itself has admitted that their customers’ confidence with the airline suffered a massive blow due to the 9.4 million customer records data breach. The unfortunate customers had their passport numbers and credit card numbers exposed to unknown third parties, which is a serious breach to consumer data privacy policy. The following data of Cathay Pacific customers are stolen:

• Fullname
• Birthdate
• Nationality
• Contact number
• Passport number
• Travel information
• Credit Card Number

As disclosed by Cathay Pacific, out of 9.4 million potential records stolen, they have confirmation that those responsible for the breach actually used 860,000 passport numbers, 245,000 Hongkong numbers, and 27 valid credit card numbers. Cathay Pacific is known as a premier flag carrier for the Hongkong special administrative region, which was ranked as the 6th best airline in the world for 2018. With the news of the breach, they are set to lose that position.

“We are very sorry for any concern this data security event may cause our passengers. We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cyber security firm, and to further strengthen our IT security measures. We want to reassure our passengers that we took and continue to take measures to enhance our IT security,” explained Rupert Hogg, CEO of Cathay Pacific.

Webroot, a mainstream antimalware vendor and research firm weight-in with the gravity of the data breach. It underscores a huge obligation for the airline to settle the issue in a very expensive way, as GDPR applies to them as they have European customers as well. “The Cathay Pacific breach disclosed a feature-rich set of data, including more than 40 times more passports than the Air Canada breach, meaning it will have a much greater impact on passengers. In addition to the reputation cost, Cathay Pacific may face costly GDPR repercussions due to the amount of time that passed,” emphasized Randy Abrams, Webroot’s Senior Security Analyst.

The Hongkong police office is already involved with the technical investigation of the case, and Cathay Pacific expressed its full cooperation with all relevant authorities to get to the bottom of the cause of the breach. At the time of this writing, Cathay Pacific continues to operate and its flights were not hindered by airport authorities. In their official corporate statement, the airline assures continued service to its passengers at the wake of the breach. “The IT systems affected are totally separate from its flight operations systems, and there is no impact on flight safety,” concluded Cathay Pacific.

For those who think that they are affected by the breach, please visit infosecurity.cathaypacific.com for the updated information about the developments of the case. Contact information for Cathay Pacific customer support can also be found in the mentioned special microsite.

Hacked airline records are not rare, British Airways was hacked last September but only affected 380,000 passenger credit card numbers. As other industries become more security aware and ready, vulnerable industries like the healthcare sector and the airline sector started becoming lucrative targets.