Please upgrade your web browser
You’re using a browser that we don’t support. To get the best experience using our site, we recommend you upgrade to a newer browser – please see our supported browsers list.
Skip to main content
Sign up Help and support
Book a trip
Visit ‘Asia Miles’ Shop Visit ‘Asia Miles’ Shop
oneworld

Cathay Pacific Statement – Theft of Asia Miles Incident

Latest update: 24 Jul 2025 22:30 HKT (GMT+8)

Cathay Pacific advises there have been fraudulent activities found on some Cathay Pacific's Cathay membership accounts which led to unauthorised access to personal data and theft of Asia Miles. Personal data includes personal particulars and travel details, but no credit card information was exposed.

Our preliminary investigation suggests that Asia Miles theft by unauthorised parties was the primary motivation, though the misuse of personal data remains a possibility. The unauthorised parties used valid members' credentials, some of which were found to be exposed on the internet, to log in and then fraudulently bypassed the secondary verification process to access Asia Miles in the accounts, by exploiting an issue in such process. The secondary verification issue has already been rectified and the process further strengthened by Cathay Pacific to ensure similar incidents will not happen again.

We have identified that approximately 1,000 Cathay Pacific accounts, most of which belong to Hong Kong-based members, were impacted by this incident. For the majority of the affected members, we have already been in contact with them, restored their accounts and reinstated their lost Asia Miles. We are now in the process of verifying the identities of the remaining affected members, whose accounts have been temporarily locked for security purposes. We shall contact them individually as soon as possible to restore their accounts and reinstate any lost Asia Miles.

We have reported this incident to the relevant authorities, including The Office of the Privacy Commissioner for Personal Data. We have also engaged an external expert to conduct a comprehensive independent investigation into the incident.

We would like to remind our members to stay vigilant by protecting their passwords, avoid sharing them with third parties, updating them regularly and changing to passkey authentication as an upgraded security measure. We also suggest members remain alert to phishing attempts, be cautious of any unknown or suspicious communications, refrain from opening unverified links or attachments, and remain aware of potential fraudulent activities.

We sincerely apologise to the affected members for this incident.

View all travel advisories

If you need urgent assistance

  Call Customer Care