9.4 million passengers, including Aussies, affected by major data leak.
9.4 million passengers, including Aussies, affected by major data leak.

Passport info exposed in major airline data hack

UP TO 9.4 million Cathay Pacific passengers have been affected by a major leak of personal information including passport numbers and credit card information, the airline says.

A data security breach has targeted passenger names, nationalities, dates of birth, phone numbers, email addresses and home addresses.

Passport numbers, identity card numbers, frequent flyer program membership numbers, customer service remarks and historical travel information have also been stolen.

The Hong Kong-based airline has set up helplines for worried passengers.

"We are in the process of contacting affected passengers, using multiple communications channels, and providing them with information on steps they can take to protect themselves," Cathay Pacific's chief executive officer Rupert Hogg said.

"We have no evidence that any personal data has been misused."

The airline said it launched an investigation and notified police after an IT operation, which began in March, revealed unauthorised access to systems containing passenger data of up to 9.4 million people.

Mr Hogg said stolen data also included 403 expired credit card numbers and 27 credit card numbers with no CVV.

"The combination of data accessed varies for each affected passenger," he said.

Mr Hogg said the airline was "very sorry for any concern this data security event may cause our passengers".

"We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures," he said.

It is not known how many Australian customers may have been affected. Cathay Pacific flies regularly from Sydney, Melbourne, Perth, Brisbane, Adelaide and Cairns.

The airline said official emails relating to the data security breach will be sent from the address infosecurity@cathaypacific.com.

It is reminding passengers it does not ask for personal or financial information via email and will never ask for passwords.

The airline is recommending passengers change passwords and monitor their accounts for suspicious activity.

Passengers who are worried they have been affected by the data hack can contact Cathay Pacific via an online inquiry form. More information on the data breach can be found on a dedicated page on its website.

The airline did not mention financial compensation for passengers affected.

In September, British Airways said it would compensate passengers when it suffered a data hack that stole personal and financial details of about 380,000 customers.


- with wires