Not good: Cathay Pacific victim of major data security breach

ByScott

Alt text: A notification from Cathay Pacific regarding a data security event. The latest update is dated 24 Oct 2018 at 22:30 HKT (GMT+8). The message states that unauthorized access to some passenger data was discovered, and immediate action was taken to contain the event and strengthen IT security measures. The website provides instructions for affected passengers. There are specific links for those located outside the US and for US residents. A note at the bottom advises that official emails will come from infosecurity@cathaypacific.com and that they will never request personal or financial information or passwords. It also recommends not clicking on any links, opening attachments, or replying to suspicious emails.

With eerie regularity airlines and hotel chains seem to be the target of pretty major security events – and today it is the turn of Cathay Pacific. In total, over 9 million customer records were stolen, including the following: passenger name; nationality; date of birth; phone number; email; address; passport number; identity card number; frequent flyer programme membership number; customer service remarks and historical travel information.

If there is a positive side to the incident, it is that virtually no credit card information was stolen, though I see the theft of passport information something on a whole new level of dangerous. Turning passport data into an actual counterfeit passport is incredibly complex (and expensive), but the data from a valid passport is often traded on the dark web for as little as $5.

The airline is quite well prepared for the incident (as all companies that collect personal data should be), and it has launched a site dedicated to the incident – click here to access it. There is currently no way to check whether your data was included in the breach, and the airline is only notifying customers through email.

Cathay is definitely not the first to be hit, and it won’t be the last. British Airways was hit earlier this year in a breach that did include credit card information. Incredibly, the 2018 tally for stolen data has already topped the 1 billion mark – and when you include recent hacks at Facebook and this Cathay Pacific incident, we’re well on our way to the 2 billion mark before the year is over… As usual, keep a close eye on your credit report, financial statements and for any signs of changes being made to your accounts, travel documents or airline account information.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.