HONG KONG’S MAIN AIRLINE Cathay Pacific has suffered a major data leak that has exposed the data of up to 9.4 million passengers.
Data including passport numbers, credit card numbers and travel history was compromised, though the airline has stated that information has yet to be used for nefarious means.
“The Company has no evidence that any personal information has been misused. The information systems affected were separate from the Company’s flight operations systems. There is no impact on flight safety,” Cathay Pacific stated.
“The Company initially discovered suspicious activity on its network in March 2018. Upon discovery, the Company took immediate action to contain the event, to commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen its information system security measures.
“Unauthorised access to certain personal data was confirmed in early May 2018. Since that time, analysis of the data has continued in order to identify affected individuals and to determine whether the data at issue could be reconstructed.”
As yet there’s no information on whether the data leak was accidental, caused by a dodgy system, or the work of a hacker; all the airline knows is the suite of information was accessed improperly.
Give the data doesn’t look like it’s being misused, the leak may not have been as bad as it looks, not that the cybersecurity community is impressed.
“Airlines appear are an increasingly popular target for cybercriminals. In recent months, Air Canada and British Airways have suffered breaches. However the Cathay Pacific breach disclosed a feature-rich set of data, including more than 40 times more passports than the Air Canada breach, meaning it will have a much greater impact on passengers,” said Randy Abrams, senior security analyst at Webroot, in a comment sent to The INQUIRER.
“In addition to potential monetary theft, having a high number of passports compromised with passenger history and information should be of significant concern to governments across the world as they try to secure their borders.
“The sheer amount and quality of data leaked can make for extremely targeted social engineering attacks. Being able to incorporate details such as travel history can enable cybercriminals to create exceptionally plausible social engineering attacks against enterprises, helping fuel future attacks.”
Worrying stuff. And this data leak comes not long after it British Airways suffered a major data breach that saw the payment details of passengers lifted from the airline. µ
Source : Inquirer