Cathay Pacific Airways issued a report late on Wednesday saying that the passport numbers and personal data of around 9.4 million passengers with the carrier and its subsidiary Hong Kong Dragon Airlines, have been leaked.
The airline said it had found suspicious activity on its network in March, and in May confirmed that there was unauthorized access to its customers’ personal data.
Cathay Pacific’s chief customer and commercial officer Paul Loo said the firm took a longer time to make the announcement as it wanted to have clarity in the matter internally first before releasing details to the public.
Following the news of the leaked data, Cathay Pacific’s shares dived by more than 6%, hitting a 9-year low to HK$9.95. As at 1.55pm Hong Kong time on Thursday, the airline’s shares were lower by 4.90% or HK$0.52, at HK$10.10.
The airline said around 860,000 passport numbers and 245,000 Hong Kong identity card numbers were accessed. A total of 27 credit card numbers with no card verification value (CVV) and 403 expired credit cards were also leaked.
Passenger’s personal data including their date of birth, phone numbers, physical addresses and nationalities were also breached.
Hong Kong’s privacy commissioner for personal data has expressed serious concern over the breach and said it will be initiating a compliance check on the airline.
Cathay Pacific said it is currently contacting the affected passengers and equipping them with measures to prepare themselves on the situation.
The data breach adds a burden on Cathay Pacific as the firm is currently undergoing a turnaround strategy by cuttings costs in a bid to increase revenue.
After years of losses, the airline posted a smaller half-year loss in August, led by a strong rise in air ticket and cargo fees. At that time, it had posted expectations on a better performance for the second half of the year.