HONG KONG (AP) — Hong Kong-based Cathay Pacific Airways said Thursday it has discovered unauthorized access to the personal data of 9.4 million passengers but had no evidence the leaked information had been misused.
The breach was discovered during “ongoing security processes,” the airline said in a statement.
Hong Kong’s privacy commissioner, Stephen Kai-yi Wong, expressed “serious concern” over the lapse and urged companies to improve protection personal data.
He said his office would begin a compliance check of the airline. He urged people to change their passwords and enable “two-factor authentication,” to help protect their data.
Most Read Business Stories
- 'Sold by Amazon' program shut down after WA attorney general's antitrust investigation
- Boeing reports net loss in 2021 as cost of 787 delivery halt soars to $5.5 billion
- Amazon Go is moving toward the suburbs, starting in Mill Creek
- Crypto collapse erases more than $1 trillion in wealth, forcing a reckoning for everyday investors
- Amazon buys exclusive rights to ‘My Favorite Murder’ podcast
The news caused the airline’s shares to plunge 6.5 percent in early Hong Kong trading. By midday Thursday, Cathay Pacific’s shares were down 5.1 percent.
Cathay Pacific said the data stolen included names, nationalities; birth dates, phone numbers, addresses, passport and identity card numbers and expired credit card numbers, among other information. It said no passwords were compromised. It was contacting customers to advise them on how to protect themselves.
It also said customers could contact the airline at firstname.lastname@example.org.
“We are very sorry for any concern this data security event may cause our passengers. We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures,” the airline’s CEO, Rupert Hogg said in a statement.
Cathay Pacific: www.cathaypacific.com