Cathay Pacific hack: 10 million customers have data including passport and credit card details stolen

Cathay Pacific has been hacked and some 9.4 million customers may have had their most personal data stolen, the airline has warned.

The breach included passport details and credit card numbers, Hong Kong’s flag carrier said.

The company found the hack during a review of its IT security processes, it said. While it was doing so, it found that someone had broken into an information system including passenger data on the 9.4 million people, it said.

The data was passenger’s names, nationality, data of birth, phone number, email, physical address, passport number, credit card details, identity card number and information on how and when people had travelled.

The airline said that it had found “no evidence that any personal information has been misused”. The hack also had no effect on flight safety because the information system is separate from its flight operations systems, it said.

“We are very sorry for any concern this data security event may cause our passengers,” said Rupert Hogg, Cathay Pacific’s CEO. “We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cyber security firm, and to further strengthen our IT security measures.”

Mr Hogg said the company would contact affected passengers to inform them about how to protect themselves. But he said no information had been abused and that passwords had not been stolen.

The hack is the latest in a series of attacks on airlines. They have included smaller hacks on British Airways, Delta Airlines and Air Canada.