Cathay Pacific Airways revealed today that data of about 9.4 million passengers of Cathay and its unit Hong Kong Dragon Airlines Limited had been accessed without authorization. Cathay said 860,000 passport numbers, about 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) were accessed in the breach.
Hogg said no passwords were compromised in the breach and the company was contacting affected passengers to provide more information. The company said it initially discovered suspicious activity on its network in March 2018 and investigations in early May confirmed that certain personal data had been accessed.
Cathay in a statement said accessed data includes names of passengers, their nationalities, dates of birth, telephone numbers, email and physical addresses, passport numbers, identity card numbers and historical travel information.