Hong Kong flag carrier Cathay Pacific hacked and 9.4M customer records stolen
Cathay Pacific Airways Ltd., the flag carrier of Hong Kong, is the latest airline to be hacked, with 9.4 million customer records stolen.
Data stolen in the hack, which occurred in March but only disclosed now, included passenger names, nationality, date of birth, phone number, email, address, passport number, identity card number, frequent flyer program membership number, customer service remarks and historical travel information. In a very few cases, credit card data was also stolen.
It’s not clear how the hack happened, but it does follow a hack of British Airways in September that was later linked to a hacking gang dubbed “Magecart.”
“The Cathay Pacific breach is very concerning in terms of its scale and length of time taken to alert affected customers,” Steve Malone, director of security product management at Mimecast Services Ltd., told SiliconANGLE. “It’s likely that EU citizens were included in a breach of this size and GDPR questions will be asked.”
This kind of information allows cybercriminals to do highly targeted spear phishing and social engineering attacks, often via impersonation emails against friends or business contacts, Malone explained.
“These impersonation attacks are now the easiest way for criminals to steal money and valuable data,” he said. “Notified customers should change passwords as a precaution and alert their employer’s IT security teams to help look out for attacks misusing their personal information.”
Kevin Stear, lead threat analyst at JASK Inc., noted the “ever-deteriorating state of identity protection and overall online trust,’ saying it’s further worrisome that many people have become desensitized to these breaches.
“This latest instance involves millions of individuals’ personal data that, when used on its own or in combination with other sources, can be a viable means for hacking identities through account takeovers and other means of impersonation,” Stear said. “This also begs the same question we’ve asked of the energy sector for several years: How far removed are these actors from actually affecting critical airline systems? It’s possible (and even likely) that these systems could already be breached today.”
Photo: Adrian Pingstone/Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU