Data security event
Latest update: 25 Mar 2020 15:30 HKT (GMT+8)
Update from Cathay Pacific:
We would once again like to express our great regret and to sincerely apologize for the incident.
We have co-operated closely with the PCPD and the relevant authorities in their investigations.
We have already taken a series of decisive measures to further enhance our IT security in the areas of data governance, network security, access control, education and awareness of our people, and incident response agility.
We have spent substantial amounts on IT infrastructure and security and investments in this area will continue.
We have also enhanced our security team resources whose expertise is complemented by leading external cyber security experts.
These measures have improved our overall security and we believe they will help us prevent further unauthorized access to our systems.
However, we are aware that in today’s world, as the sophistication of cyber attackers continues to increase, we need to and will continue to invest in and evolve our IT security systems.
Our investigation reveals that there is no evidence of any personal data being misused to date - We will continue to co-operate with the PCPD to demonstrate our compliance and our ongoing commitment to protecting personal data.
On 24 October 2018, we informed the authorities of unauthorised access to some of our passenger data. Between 25 October and early November, we notified affected passengers via an individualised email or letter, which told each person the specific details of their accessed personal data.
We apologise for any concern that the data security event may have caused, and would like to reassure our customers that the systems affected were totally separate from our flight operations systems, and there was no impact on flight safety.
If you believe you have been affected, please register your enquiry or contact us.
Please note:
With regard to this data security event, we will never request your personal or financial information, and we will never ask for your password.
If you are concerned about an email, we recommend that you don’t click on any links, open any attachments or reply to it.
What to do if you believe you have been affected
If you are a member of the Marco Polo Club, Asia Miles or a Registered Account holder and if you have been affected by this event, we contacted you individually between 25 October and early November 2018. We are very sorry for the concern that this may have caused you.
If you believe you may have been affected and you haven’t heard from us already, please register your enquiry or contact us.
The following personal data was accessed: passenger name; nationality; date of birth; phone number; email; address; passport number; identity card number; frequent flyer programme membership number; customer service remarks and historical travel information.
In addition, 403 expired credit card numbers were accessed. 27 credit card numbers with no CVV were accessed.
The combination of data accessed varies for each affected passenger.
No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised.
If you are an affected member of the Marco Polo Club, Asia Miles or a Registered Account holder, we contacted you individually between 25 October and early November 2018. In that communication, we told you which specific types of personal information about you had been accessed.
If you haven’t been contacted already, please register your enquiry or contact us.
We are very sorry for any concern that this may cause you.
We have no evidence that any personal information has been misused. However, in an abundance of caution, we took the decision to notify everyone we believe may have been affected.
If you are an affected member of the Marco Polo Club, Asia Miles or a Registered Account holder, we contacted you individually with relevant information between 25 October and early November 2018.
Although no-one’s travel or loyalty profile was accessed in full and no passwords were compromised, as best practice, we recommend that you consider:
- Changing your passwords regularly
- Checking for any suspicious activity
- Being vigilant against phishing or other attempted scams
403 expired credit card numbers and 27 credit card numbers with no CVV were accessed, and between 25 October and early November 2018 we contacted individually those passengers whose credit card information was accessed. We have no evidence that any personal information has been misused.
We have no evidence that any personal information has been misused.
No-one’s loyalty profile was accessed in full and no passwords were compromised.
If you have detected irregular activity in your Marco Polo Club or Asia Miles account, please contact member services of Marco Polo Club or Asia Miles.
In an abundance of caution and as best practice, we recommend you to
- Change your passwords regularly
- Check for any suspicious activity and
- Stay vigilant against phishing or other attempted scams
If your credit card information was accessed in this event, you will be contacted directly.
If you have been contacted directly, we recommend you contact your bank or credit card company to seek their advice.
If you believe you have been a victim of financial fraud, as always, you should contact your bank or your credit card company.
Although no-one’s travel or loyalty profile was accessed in full and no passwords were compromised, as best practice, we recommend that you consider:
- Changing your passwords regularly
- Checking for any suspicious activity
- Being vigilant against phishing or other attempted scams
If you are an affected member of the Marco Polo Club, Asia Miles or a Registered User, we contacted you individually between 25 October and early November 2018 with relevant information.
We have no evidence that any personal information has been misused. However, in an abundance of caution, we took the decision to notify everyone we believe may have been affected.
If you are an affected member of the Marco Polo Club, Asia Miles or a Registered Account holder, we contacted you individually between 25 October and early November 2018 with relevant information.
No. The IT systems affected were totally separate from our reservation and flight operations systems. You can check your booking with us on cathaypacific.com or contact your travel agent.
The safety and security of our passengers remains our top priority, and we want to reassure you that we took and continue to take measures to enhance our IT security.
The event impacted only a very small number of valid credit card numbers with no CVV, and the IT systems affected were totally separate from our reservation systems.
If your credit card information was accessed in this event, you have been contacted directly between 25 October and early November 2018.
If you have been contacted directly, we recommend you contact your bank or credit card company to seek their advice.
As best practice, we also recommend that you check for any suspicious activity on a regular basis.
If your credit card information was accessed in this event, you have been contacted directly between 25 October and early November 2018.
If you have been contacted directly, we recommend you contact your bank or credit card company to seek their advice.
The event impacted only a very small number of valid credit card numbers with no CVV.
We have no evidence that any personal information has been misused.
If your credit card information was accessed in this event, you have been contacted directly between 25 October and early November 2018.
If you have been contacted directly, we recommend you contact your bank or credit card company to seek their advice.
If you are an affected member of the Marco Polo Club, Asia Miles or a Registered Account holder, we contacted you individually with relevant information between 25 October and early November 2018.
- This notice is written in English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this notice, the English version shall prevail.
- Asia Miles is owned by, and provided to members by Cathay Pacific Airways Limited, and is managed and operated by Asia Miles Limited, a wholly owned subsidiary of Cathay Pacific Airways Limited, as an agent of Cathay Pacific Airways Limited.
- Hong Kong Dragon Airlines Limited is a wholly owned subsidiary of Cathay Pacific Airways Limited and Cathay Pacific Airways Limited manages and provides IT support services to Hong Kong Dragon Airlines Limited.