Cathay Pacific Airways Ltd.Hong Kong’s flag carrier has just announced its believed to be the worst data breach in airline industry affected up to 9.4 million passengers much wider than incidents attributed and reported by Delta and British Airways earlier in the year.
Data breach involves 860,000 passport numbers, about 245,000 Hong Kong identity card numbers, 403 expired credit card numbers, passenger names, nationalities, dates of birth, phone numbers, emails, addresses, passport numbers, identity card numbers, frequent flyer programme membership numbers, customer service remarks and historical travel information and credit card numbers with no card verification value (CVV) were compromised.
Airlines denounced action
The company said it initially discovered suspicious activity on its network in March 2018 during their “Ongoing Security check” and investigations in early May confirmed that certain personal data had been accessed.
Professionals and experts have denounced Airlines lack of security measures as it taking seven months to reveal the breach, adding that the airline should have taken initiative on the first day the discovery was made. This would have warned aviator industry of its possible breach on their own system.
What was the Airline shortfall?
As per “Stephen Burke, founder and CEO at Cyber Risk Aware, said: “At this moment in time, we’re unaware of how the initial breach occurred. If this draws parallels to British Airways, where unpatched systems were publicly accessible and then exploited as a result, this then implies that, not only was data security not thought out properly, but the basics of maintaining and patching systems as well as monitoring the network to identify abnormal behavior was not being carried out. “
Airline breach aftermath
The airline is now facing a call from the Hong Kong IT industry to extend its free identity surveillance service from 12 months to several years in the wake of the incident. Communication channels and websites are helping customers who believe they have been affected by the security breach can also contact Cathay online – infosecurity.cathaypacific.com – or by telephone.
If passengers believe that may have been affected, they can submit a request online and Cathay will say if they have identified that personal data as having been jeopardized.