Cathay Pacific, the primary airline of Hong Kong, was hit with a major data breach, affecting up to 9.4 million passengers.
Personal information including passport numbers, identity numbers, credit card numbers, frequent flyer membership program numbers, customer service comments, and travel history were compromised, the company said.
However, no passwords were compromised in the breach.
Cathay Pacific said it was in the process of contacting passengers whose data was exposed in the breach, and that it doesn’t believe any personal data has been misused – for the time being.
It added that although credit card information was compromised in the breach, it consisted of expired or incomplete information, and did not include any CVV numbers.
The company said that it had first noticed suspicious activity on its network in March, and that it took immediate action to contain the breach.
It confirmed in May that personal information was accessed, and the company proceeded to wait five months before informing the public.