Airlines from Hong Kong, Cathay Pacific announced that 9.4 million passengers data had been stolen. Data hacking was said to have occurred in March, but it was only announced Wednesday (10/24/2018) yesterday.
Some information regarding passenger passports such as ID card number, name, date of birth, and postal address may have been linked. Not only that, passenger flight history is also likely to be stolen, including every comment from the customer service.
Cathay Pacific recorded 403 expired credit card numbers and 27 credit card numbers without CVV numbers were also hacked. The Verge reported , the airline still had not commented whether the credit card that attaches the CVV number and has not expired, was stolen or not, Thursday (10/25/2018).
From its official website, Cathay Pacific claims that the affected IT system, separate from the flight operating system and will not affect flight security. “The company found no evidence of misuse of passenger personal information,” wrote the airline on its official website.
Cathay Pacific itself is a large destination based in Hong Kong, providing flight routes to North America, Europe, China, Taiwan, Japan, Southeast Asia and the Middle East. At present, Cathay Paific has communicated with the Hong Kong police and relevant authorities.
For passengers who might be affected by this hacking, can visit the infosecurity.cathayPacific.com website for more information. Previous passenger data hacking was also experienced by Delta, Air Canada and British Airways. But the events experienced by Cathay Pacific are called more serious.
“Cathay Pacific’s violation of a series of feature-rich data, including 40 times more than the hacking that occurred in Air Canada, means that the impact on passengers will be much greater,” explained Randy Abrams, senior internet security company analyst, Webroot.
The theft of Cathay Pacific passenger data is also different from hacking cases that attacked other faces before. Because, the hacking incident happened six months ago, but Cathay Pacific has just announced it to the public this month. Moreover, Cathay Pacific which also provides flight routes to Europe, will experience difficulties to pass the General Data Protection Regulation (GDPR) rules.
One of the rules is to oblige all companies to announce order events to customers and legal parties within three days after the incident. “In addition to reputation fees, in addition, Cathay Pacific may face the consequences of GDPR for announcing it (hacking) for too long,” added Abrams.