Cathay Pacific Suffers Largest Airline Breach
Breach of Hong Kong-based airline compromises personal information of 9.4 million passengers.
Cathay Pacific, a major Asian airline based in Hong Kong, this week announced a data breach compromising the personal information of 9.4 million passengers – marking the largest breach affecting any airline to date, experts report.
Back in March 2018, airline staff discovered unauthorized access to some of its information systems containing passenger data. Cathay confirmed customer data was exposed in May; since then, it has been taking steps to confirm who and what was compromised. Hong Kong police and relevant authorities have been notified, the carrier says.
The combination of data accessed varies from victim to victim. Attackers got hold of passengers' names, nationalities, birthdates, phone numbers, email and home addresses, passport numbers, identity card numbers, frequent flyer program membership numbers, customer service comments, and travel history information.
On top of that, Cathay reports 403 expired credit card numbers were exposed, as were 27 credit card numbers with no CVV. No passwords were compromised, it says, and it has not found any evidence indicating personal data was misused. Affected systems are unrelated to flight operations, it says, so this incident has had no effect on flight safety.
This isn't the first time attackers have targeted an airline. Last month British Airways issued an apology for a severe data breach that compromised credit card information and personal data belonging to 380,000 passengers.
Read more details here.
Black Hat Europe returns to London Dec 3-6 2018 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.
About the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024