Cathay Pacific Airways Ltd. said Wednesday that data for about 9.4 million passengers of Cathay and its unit Hong Kong Dragon Airlines Ltd. had been accessed without authorization.
Cathay said 860,000 passport numbers, about 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) were accessed in the breach.
"We are very sorry for any concern this data security event may cause our passengers," Cathay Pacific Chief Executive Rupert Hogg said in a statement.
"We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures."
Hogg said no passwords were compromised in the breach and that the company was contacting affected passengers to give them information on how to protect themselves.
Cathay Pacific was not immediately available for additional comment outside normal business hours.
The company said it initially discovered suspicious activity on its network in March 2018, and that investigations in early May confirmed certain personal data had been accessed.
News of Cathay's passenger data breach comes weeks after British Airways revealed that credit card details of hundreds of thousands of its customers were stolen over a two-week period.
In a statement, Cathay said that the data accessed included names of passengers, their nationalities, dates of birth, telephone numbers, email and physical addresses, passport numbers, identity card numbers and historical travel information.
It added that the Hong Kong Police had been notified about the breach and that there was no evidence any personal information had been misused.
With your current subscription plan you can comment on stories. However, before writing your first comment, please create a display name in the Profile section of your subscriber account page.