Most people in the world would describe it as a company “admitting they’ve been hacked.”

But if you’re the breached company and want to apply the maximum amount of PR spin, you might instead issue a release saying you’re “announcing a data security event affecting customer data.”

Read beyond the headline, however, and you’ll discover that the Hong Kong-based airline has admitted that hackers gained unauthorized access to its internal systems and accessed the passenger data of up to 9.4 million people.

With Hong Kong’s population being approximately 7.4 million people, it’s clear that this is a data breach that impacts travelers around the world.

The personal data accessed by the hackers includes passenger names, nationalities, dates of birth, phone numbers, email addresses, addresses, passport numbers, identity card numbers, frequent flier membership numbers, customer service remarks and historical travel information.

In addition, 403 expired credit card numbers were accessed by the hackers as well as 27 credit card numbers without CVV information.

It’s obviously good that more financial information wasn’t taken by the hackers, but in many ways, it’s a red herring. After all, it’s relatively simple to freeze a credit card and apply for a new one. It’s a lot more difficult and time-consuming to apply for a new passport or Hong Kong identity card.

In isolation, personal information such as that described above may not be enough for a criminal to commit – say – identity theft, but combined with other pieces of personal data, it can help a fraudster complete the jigsaw.

Although Cathay Pacific has only just announced that it has suffered a hack, that doesn’t mean that the company has only just discovered it has a problem.

The airline says that it first detected “suspicious activity” on its network in (Read more...)