Hong Kong-based Cathay Pacific discovered a data breach that compromised the information of more than 9 million passengers, the company announced last week. It is the biggest breach to date of an airline.
In the same release, Cathay announced that the “types of personal data accessed were the names of passengers, their nationalities, dates of birth, telephone numbers, email, physical addresses, passport numbers, identity card numbers, frequent flyer programme membership numbers, customer service remarks, and historical travel information.” They went on to state that there was “no impact on flight safety.”
Although the company lacks the name recognition in the U.S. as other recently breached airlines such as British Airways and Delta, it is a major player in its field and services over 50 countries and territories. Its shares dropped over 5% following the disclosure of the breach. Given that Cathay’s delay in announcing the breach took several months, it’s unknown what the consequences will be with regards to the EU’s GDPR legislation, which requires a maximum data breach disclosure period of 72 hours.
The air travel industry is similar to that of healthcare in that their tendency to track and accumulate large amounts of information on their customers make them ripe targets for hacking.
Read more about the story here.