Let's cut to the chase. Some links on this site pay us referral fees for sending business and sales. We value your time and money and won't waste it. For our complete advertising policy, click here. The content on this page is not provided by any companies mentioned, and has not been reviewed, approved or otherwise endorsed by these entities. Opinions expressed here are the author's alone.

It happened in March, so why are we hearing about it now?

It’s happened again. After Uber, British Airways, U.S. Strategic Command, Apple, Delta and countless other companies – Cathay Pacific has now been confirmed as the latest victim of a  massive data breach. The Hong Kong based airline has faced headwinds in 2018 with the rise of low cost carriers entering the Asian market, and now the delayed announcement of an incredibly large scale data breach also stands in the way. The breach occurred in March, which has many voices wondering, why wait to tell us until now?…

a row of seats in an airplane9.4 Million Customers

According to Reuters, the Cathay Pacific data breach affects 9.4 million customers, including 860,000 passport numbers and 240,000 Hong Kong Identity Cards. The breach is also said to affect credit card data, though the company comments that a large majority were expired, or did not also contain the CVV code, commonly referred to as the three digit security code. Cathay Pacific released a formal statement detailing the extent of the access…

“Accessed data includes names of passengers, their nationalities, dates of birth, telephone numbers, email and physical addresses, passport numbers, identity card numbers and historical travel information”.

March Breach, October Statement

The playbook of late, as evidenced in recent breaches such as British Airways, has been to come clean immediately. It makes sense. Customer data is sensitive, and in the world of GDPR, people deserve to know when their data has been accessed, with immediate effect. Cathay Pacific is said to have discovered the breach in March of 2018, and confirmed it in May. Yet here we are, at the tail end of October, and the breach is just being made public. How could the airline have possibly thought this breach would remain private, and why would they try to hide it from 9.4 million affected customers? These are questions which currently do not have answers.

The Story So Far

Cathay Pacific has referred the matter to Hong Kong Police, and says that no passenger data has been misused so far. Of course, that’s not an easy statement to verify. That’s serious business. At this time, there’s nothing for passengers to do other than wait, and hope their personal information isn’t used for nefarious purposes…

Gilbert Ott

Gilbert Ott is an ever curious traveler and one of the world's leading travel experts. His adventures take him all over the globe, often spanning over 200,000 miles a year and his travel exploits are regularly...

Join the Conversation


  1. Not to be upstaged, BA demonstrating further absence of care for their customers have “discreetly” announced an additional 185000 customers effected by a data breach… Press release at 19.30 on a Thursday night says it all… NOT as bad as Cathay but operating in a different legislative environment where they cannot completely obfuscate, they appear to be doing all they can to brush this one under the carpet.

Leave a comment

Your email address will not be published. Required fields are marked *