SecurityWeek

Cathay Says ‘Most Intense’ Period of Data Breach Lasted Months

The world’s biggest airline data breach, affecting millions of Cathay Pacific customers, was the result of a sustained cyber attack that lasted for three months, the carrier admitted, while insisting it was on alert for further intrusions.

The Hong Kong-based firm was subjected to continuous breaches that were at their “most intense” from March to May but continued after, it said in a written submission to the city’s Legislative Council ahead of a panel hearing on Wednesday.

It also looked to explain why it took until October 24 to reveal that 9.4 million passengers had been affected, with hackers getting access to personal information including dates of birth, phone numbers and passport numbers.

Cathay said that while the number of successful attacks had diminished, it remained concerned as “new attacks could be mounted”.

“Cathay is cognisant that changes in the cybersecurity threat landscape continue to evolve at pace as the sophistication of the attackers improves,” it said.

“Our plans, which include growing our team of IT security specialists, will necessarily evolve in response to this challenging environment.”

It explained in the statement that the nature of the attacks, the enormous amount of investigative work and the process of identifying stolen data contributed to the length of time between initial discovery and public disclosure.

It also said it was not until October 24 that it had completed the identification of the personal data that had been accessed.

Hong Kong-listed shares in the firm were up 0.57 percent in early afternoon trade.

The city’s Privacy Commissioner for Personal Data said last week it was investigating the carrier over the hack and why it took so long to tell customers.

The airline admitted about 860,000 passport numbers, 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) were accessed, but insisted that there was no evidence that personal data had been misused.

“No passenger’s travel or loyalty profile was accessed in full, and no passenger passwords were compromised,” it said.

The company has apologized to passengers affected and said it was helping them to protect themselves.

The troubled airline is already battling to stem major losses as it comes under pressure from lower-cost Chinese carriers and Middle East rivals.

It booked its first back-to-back annual loss in its seven-decade history in March and has previously pledged to cut 600 staff including a quarter of its management as part of its biggest overhaul in years.

Written By

AFP 2023
