We would like to inform you of a data security event that may involve some of your personal data. We are very sorry for any concern that this event may cause you, and this notice will provide you with information about what happened and how we can assist you.
We initially discovered suspicious activity on our network in March this year. Upon discovery, we took immediate action to contain the event, to commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures. Unauthorised access to certain personal data was confirmed in early May. Since that time, analysis of the data has continued in order to identify affected individuals and to determine whether the data at issue could be reconstructed.
We have no evidence that any personal data has been misused. We recommend that you follow the steps outlined in this notice to help protect yourself against potential risks.
What information was involved?
The following types of personal data of Cathay Pacific and Cathay Dragon passengers were accessed: passenger name; nationality; date of birth; phone number; email; address; passport number; identity card number; frequent flyer programme membership number; customer service remarks; and historical travel information.
The combination of data accessed varies for each affected passenger.
No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised.
What are we doing to help?
We are contacting affected passengers to provide information on steps that you can take to protect yourself. If you are an affected member of the Marco Polo Club, Asia Miles or a Registered User, you will be contacted individually in the coming days. In that communication, we will tell you which specific types of personal information about you may have been accessed.
If you believe you may have been affected, you can submit a request here and we will tell you if we have identified your personal data as having been accessed.
Where possible, we are offering ID monitoring services to affected passengers and this will be provided by Experian, a global data and information service provider. This service (IdentityWorks Global Internet Surveillance) monitors if your personal data may be available on public websites, chat rooms, blogs, and non-public places on the internet where data can be compromised such as dark web sites. If you are an affected member of the Marco Polo Club, Asia Miles or a Registered User, we will contact you individually with relevant information.
We have notified, or are notifying, the relevant authorities and the Hong Kong Police.
What should I do?
Although no-one’s travel or loyalty profile was accessed in full and no passwords were compromised, as best practice, we recommend that you consider:
- changing your passwords regularly;
- checking for any suspicious activity; and
- being vigilant against phishing or other attempted scams.
To date, there is no evidence of misuse. However, it is possible that personal data could be misused for unauthorised purposes such as fraud or identity theft.
As mentioned above and where possible, we are offering ID monitoring services to affected passengers. If you are an affected member of the Marco Polo Club, Asia Miles or a Registered User, we will contact you individually with relevant information. If you are not sure if you are affected, please register your enquiryOpen a new window with us and we will get back to you.
For more information
If you have any further questions about the event, more information is available at infosecurity.cathaypacific.com, or you can:
We want to reassure you that there is no impact on flight safety as the IT systems affected are totally separate from our flight operations systems, and that we continue to take measures to enhance our IT security. Your safety and security remains our top priority.
For your information:
- Asia Miles is owned by, and provided to members by Cathay Pacific Airways Limited, and is managed and operated by Asia Miles Limited, a wholly owned subsidiary of Cathay Pacific Airways Limited, as an agent of Cathay Pacific Airways Limited.
- Hong Kong Dragon Airlines Limited is a wholly owned subsidiary of Cathay Pacific Airways Limited and Cathay Pacific Airways Limited manages and provides IT support services to Hong Kong Dragon Airlines Limited.
Latest update: 24 Oct 2018 22:30 HKT (GMT+8)