Hello! You are viewing your 1 free guest article this week

Please log in or join now for free, immediate and unlimited access to our award-winning online content. Find out more...

Join us
Already a member? Log in here

Travel industry news

13 Nov 2018

BY James Chapple


Cathay Pacific data breach: Airline ‘fought off hackers for months’

Cathay Pacific has revealed how it was subjected to months of “intense” cyber attacks before hackers eventually made off with 9.4 million passengers’ personal data - the largest airline data heist to date.

Cathay Pacific A350.jpg

Cathay Pacific data breach: Airline ‘fought off hackers for months’

In a submission to Hong Kong’s parliament ahead of a hearing into its efforts to stem the tide, the airline said it first detected “suspicious activity” on its network in March and took “immediate action” to contain it.

However, this was followed by further attacks, “which were at their most intense in March, April and May” but continued thereafter as well.

Cathay drafted in external security experts and resources to stem the tide, but the attacks eventually became too much.

It wasn’t until late October though that Cathay established the full extend of the data breach, going public some six months after it initially became aware of the attack.

“The nature of this attack involved a number of complex systems that took significant time to analyse,” said the airline.

“An enormous amount of work was involved in the investigation, which was highly technical. The process by which the stolen data could be identified, processed, and linked to a specific passenger also contributed to the length of time involved between initial discovery and public disclosure.”

Passenger data stolen included names, nationalities, dates of birth, phone numbers, addresses, email addresses, passport and identity card numbers, frequent flyer memberships, customer service feedback and historic travel information.

Some 403 expired credit card numbers were also accessed, as well as 27 active credit card numbers. However, the three or four-digit CVV security codes were not compromised.

In its submission, Cathay said it wanted to be able to give each affected passenger a “single, accurate and meaningful notification” rather than an “overly broad and non-specific notice”.

The airline has also reiterated its apology to passengers for any concern caused.

“We take our responsibilities with respect to our passengers’ personal data very seriously and we acknowledge that there many lessons that we can and will learn from this event.”

Add New Comment
Please sign in to comment.
Show me more

Follow Us

TTG Media Limited.
Place of registration: England and Wales.
Company number 08723341.
Registered address: New Bridge Street House, 30-34 New Bridge Street, London EC4V 6BJ
Scroll To Top