|
October 25, 2018 - Cathay Pacific Airlines has announced a data breach exposing records on 9.4 million passengers. The airline is a major carrier between the United States and Asia so we expect that a large number of American travelers are included in the breach although the airline has made any announcements regarding the nationality of those included in the breach. And to add insult to injury, the airline has also announced that they are now aware of a phishing scam in which potential victims of the data breach are being targeted for more fraud.
The data breach was announced by Cathay Pacific yesterday but it was reportedly detected and stopped in March. The airline claims that it has been working on identification of affected passengers since then. If that's true, unless the airline was asked by law enforcement to forgo a timelier announcement, then the company is likely in violation of multiple state data breach laws.
The data that was stolen includes "name; nationality; date of birth; phone number; email; address; passport number; frequent flyer programme membership number; customer service remarks and historical travel information." The airline is saying that no passwords were compromised and that only 27 active credit card numbers were released. In the case of the credit cards, no security codes were included in the breach.
The airline is currently in the process of notifying affected passengers. Because of the phishing scam previously mentioned, they want passengers to know that only communications originating from
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
are legitimate.
The airline has also setup a website to deal with the breach. You can it at https://infosecurity.cathaypacific.com/en_HK.html.
Consumers who are concerned that their data may have been included in this breach should contact the airline. Anyone who believes that their personal information may have been used by someone else as a result of this breach should also contact their State Attorney General's office to see if the airline is in compliance with state data breach laws and to seek information on any remedies available to them.
byJim Malmberg
Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
|