Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Cathay Says ‘Most Intense’ Period of Data Breach Lasted Months

The world’s biggest airline data breach, affecting millions of Cathay Pacific customers, was the result of a sustained cyber attack that lasted for three months, the carrier admitted, while insisting it was on alert for further intrusions.

The world’s biggest airline data breach, affecting millions of Cathay Pacific customers, was the result of a sustained cyber attack that lasted for three months, the carrier admitted, while insisting it was on alert for further intrusions.

The Hong Kong-based firm was subjected to continuous breaches that were at their “most intense” from March to May but continued after, it said in a written submission to the city’s Legislative Council ahead of a panel hearing on Wednesday.

It also looked to explain why it took until October 24 to reveal that 9.4 million passengers had been affected, with hackers getting access to personal information including dates of birth, phone numbers and passport numbers.

Cathay said that while the number of successful attacks had diminished, it remained concerned as “new attacks could be mounted”.

“Cathay is cognisant that changes in the cybersecurity threat landscape continue to evolve at pace as the sophistication of the attackers improves,” it said.

“Our plans, which include growing our team of IT security specialists, will necessarily evolve in response to this challenging environment.”

It explained in the statement that the nature of the attacks, enormous amount of investigative work and the process to identify stolen data contributed to the length of time between initial discovery and public disclosure.

It also said it was not until October 24 that it had completed the identification of the personal data that had been accessed.

Advertisement. Scroll to continue reading.

Hong Kong-listed shares in the firm were up 0.57 percent in early afternoon trade.

The city’s Privacy Commissioner for Personal Data said last week it was investigating the carrier over the hack and why it took so long to tell customers.

The airline admitted about 860,000 passport numbers, 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) were accessed, but insisted that there was no evidence that personal data has been misused.

“No passenger’s travel or loyalty profile was accessed in full, and no passenger passwords were compromised,” it said.

The company has apologized to passengers affected and said it was helping them to protect themselves.

The troubled airline is already battling to stem major losses as it comes under pressure from lower-cost Chinese carriers and Middle East rivals.

It booked its first back-to-back annual loss in its seven-decade history in March and has previously pledged to cut 600 staff including a quarter of its management as part of its biggest overhaul in years.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Jared Bartel has been named CISO at Idaho State University.

Automated phishing protection and scam prevention company Bolster has appointed Rod Schultz as CEO.

Bugcrowd has appointed Trey Ford as CISO for the Americas.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.