In a statement, Cathay Pacific said it was in the process of contacting passengers who had data exposed in the breach. For the time being, the company doesn’t believe that any of the personal data has been misused. It also stated that the credit card information compromised in the leak was either expired or incomplete and did not include CVV codes.
While word of the exposure has just been made public, Cathay Pacific copped to first spotting suspicious activity on its network back in March. The company said it took “immediate action” to contain the breach and has since patched up its information system. In May, it confirmed that personal information was accessed and then proceeded to wait five months before informing the public.
Word of the Cathay Pacific breach comes just over a month after British Airways revealed that its website was hacked. That incident affected a much smaller share of passengers — about 380,000 in total — but exposed personal and financial information including names, addresses, and credit card information.