The company said it '"has no evidence that any personal information has been misused. The IT systems affected are totally separate from its flight operations systems, and there is no impact on flight safety."
Cathay Pacific CEO Rupert Hogg said, “We are very sorry for any concern this data security event may cause our passengers. We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures.
“We are in the process of contacting affected passengers, using multiple communications channels, and providing them with information on steps they can take to protect themselves. We have no evidence that any personal data has been misused.
"No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised.”
Personal data that was accessed, the airline said, were the passenger name; nationality; date of birth; phone number; email; address; passport number; identity card number; frequent flyer programme membership number; customer service remarks; and historical travel information.
In addition, 403 expired credit card numbers were accessed. Twenty-seven credit card numbers with no CVV were also accessed. The combination of data list from each affected passenger varies.
Cathay Pacific has notified the Hong Kong Police and is notifying the relevant authorities.
Hogg added: “We want to reassure our passengers that we took and continue to take measures to enhance our IT security. The safety and security of our passengers remains our top priority."
British Airways announced another security breach the same day (October 25). The airline had already revealed details about theft of customer data on September 6, 2018.
In the course of working with specialist cyberforensic investigators and the UK National Crime Agency to investigate fully the original data theft, the company found that hackers may have stolen additional personal data.
British Airways is notifying the holders of 77,000 payment cards, not previously notified, that their name, billing address, email address, card payment information, including card number, expiry date and CVV have potentially been compromised. A further 108,000 cards without CVV may also be affected.
"The potentially impacted customers were those only making reward bookings between April 21 and July 28, 2018, and who used a payment card," the airline said in a statement online.
"While we do not have conclusive evidence that the data was removed from British Airways’ systems, we are taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution.
The airline added that fewer of the customers than originally suspected were actually impacted. Of the 380,000 payment card details announced, 244,000 were affected, British Airways said. "Crucially, we have had no verified cases of fraud," the company stated.
"We are very sorry that this criminal activity has occurred. As we have been doing, we will reimburse any customers who have suffered financial losses as a direct result of the data theft and we will be offering credit rating monitoring, provided by specialists in the field, to any affected customer who is concerned about an impact to their credit rating," British Airways said.
Details:
Customers who are not contacted by British Airways by Friday 26 October at 1700 GMT do not need to take any action.
Anyone who believes they may be affected can contact Cathay Pacific in the following ways:
Hogg has also addressed customers on video
No comments:
Post a Comment