Cathay Pacific Hit With Data Breach: 9.4 Million Accounts Compromised Drew Wilson | October 27, 2018 Cathay Pacific is the latest to admit they were hit with a data breach. It is estimated that 9.4 million accounts were compromised. It’s just the latest data breach to hit a private company. This time, it’s the airline company Cathay Pacific. The breach also comes with controversy as the Hong-Kong based airline waited several months before making the admission. Reportedly, the breach happened clear back in March, but the news is only surfacing now. From Tech Spot: The international airline emailed customers urging them to change their passwords, even though in its announcement it said that no passwords were compromised. “No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised,” said Cathay Pacific CEO Rupert Hogg. The company claims that it took immediate action to contain the data breach and investigate the incident. The exposed information includes passenger names; nationalities; dates of birth; phone numbers; emails; addresses; passport numbers; identity card numbers; frequent flyer program membership numbers; customer service remarks; and historical travel information. However, Hogg said that there is no evidence that any of the data has been misused. Additionally, credit card numbers were accessed. Cathay Pacific tried to play this fact down in its announcement by noting that 403 of the cards were expired. This fact is meaningless considering that when your card expires the number is still valid once it’s renewed. The other 27 current cards that were compromised did not have the CVV attached. This too is of little comfort since a three-digit CVV is not hard to crack once you have the credit card number according to Naked Security. The report goes on to say that the airline does operate in the European Union. As such, there is well-founded speculation that the airline could fall under European privacy laws which carry hefty penalties for companies that do not disclose breaches within 72 hours. More specifically, the fines can take the form of a percentage of the corporations global revenue. The airline made headlines last month when the company was left red-faced because one of their newest planes had their own name spelled wrong. Some joked that the airline ran out of “f”s to give because the name was spelled “Cathay Paciic”. At this point, it’s likely that the company wishes that spelling mistakes on their planes is their biggest problem. Clearly, this is no longer the case, though. Drew Wilson on Twitter: @icecube85 and Google+.