The airline admitted that it was under attack for three months and took six months to disclose the data theft
In late October, Cathay Pacific, Hong Kong’s official airline, announced that it had suffered a significant data breach that affected more than 9 million of its passengers, as reported by cybersecurity and digital forensics specialists from the International Institute of Cyber Security.
The compromised data includes passport numbers, identity card numbers and email addresses. The attackers also got access to credit card details, although the exposed information varies for each affected passenger.
According to reports from experts in digital forensics, Cathay’s IT staff discovered unauthorized access to systems that stored data on up to 9.4 million people. Hackers also accessed 403 expired credit card numbers and twenty-seven credit card numbers without their CCV.
Cathay Pacific reported the incident to local authorities and legislators. The airline also created a website for customers concerned about the status of their personal information. Now, the company has admitted that it was under attack for three months and that it took six months to disclose the data theft.
In the official announcement issued by the airline, the company stated that it had detected “anomalous activity” at the beginning of March 2018. Later, Cathay Pacific confirmed that it was aware in March that its servers were under a large-scale attack. The attacks continued during the investigation.
“During this phase of the investigation, Cathay was the subject of new and more intense attacks during March, April and May. These continuous attacks meant that the company’s security incident response resources should remain focused on containment and prevention.”
“Repair activities began as part of this effort and continued throughout the process. Despite the fact that the number of successful attacks decreased, we remain concerned that new attacks could occur,” report Cathay digital forensics experts.
Cybersecurity specialists and authorities questioned the company’s decision to keep the security breach undisclosed for six long months, a situation that could have exposed its customers to additional risks depending on the nature of the stolen data.
The company explained that the delay occurred because it spent a lot of time restoring its systems to determine exactly what information the attackers accessed.