It seems airlines are falling like dominos to data leaks, with Cathay Pacific the latest to admit to a leak.
This time, Cathay Pacific has managed to to have 9.4 million records accessible by those who have gained unauthorised access.
The dataset leaked is pretty large, with the following items being identified by the
passenger name; nationality; date of birth; phone number; email; address; passport number; identity card number; frequent flyer programme membership number; customer service remarks; and historical travel
In addition, 403 expired credit card numbers were accessed. Twenty-seven credit card numbers with no CVV were accessed
The airline has found no information that the data has not been misused. Honk King Authorities have been notified – although you can bet other regulators from other countries will be very interested.
Cathay Pacific Chief Executive Officer Rupert Hogg said,
“We are very sorry for any concern this data security event may cause our passengers. We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures.
“We are in the process of contacting affected passengers, using multiple communications channels, and providing them with information on steps they can take to protect themselves. We have no evidence that any personal data has been misused. No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised.”
I’m sure by now we can accept that it’s not a matter “if” a data breach occurs, its a matter of “when”. It doesn’t help the bigger the company, the bigger the target it is.
The sideline has released the following contact information post-leak:
- Via the dedicated website – infosecurity.cathaypacific.com
- Via Cathay Pacific’s dedicated call centre available after 12:30/25OCT (GMT+8)
- Email Cathay Pacific at firstname.lastname@example.org
If you haven’t don’t already, now is an excellent time to change passwords for the Cathay Pacific site, and to keep an eagle eye on your card statements.
Whilst there are many computer systems out there – there is no excuse for a data leak out there.
If anything – it under-minds the confidence that a passenger has in an airline.
The big question of course is how many more leaks will it take before regulators clamp down on airlines hard? Or will the EU’s General Data Protection Regulations need to be a lot broader to handle the changing landscape?
But for now, if you’ve got any profile data on the Cathay Pacific site, best go and change your password.