Hong Kong-based airline Cathay Pacific said on Wednesday it had been affected by a data leak that could affect up to 9.4 million passengers.
“We have no proof that personal data were diverted,” said Cathay Pacific boss Rupert Hogg in a statement posted on the airline’s website.
“The following personal data have been accessible: the passenger’s name, nationality, date of birth, telephone number, email, address, passport number, identity card number, loyalty card, customer service notes, and the history of travel information, “he said.
He also said that the numbers of 403 expired credit cards and 27 cards without their cryptogram were accessible.
The details of “accessible data vary for each passenger,” said Hogg.
“We are contacting the affected passengers, using multiple means of communication, and informing them of the measures they can take to protect themselves,” he added.
The company said it launched an investigation and alerted police after a computer process revealed unauthorized access to systems with up to 9.4 million people.
The leak comes as the struggling airline faces pressure from lower-cost Chinese rivals and rivals from the Middle East.
The company experienced for the first time in March two consecutive years of losses in 71 years of history. In May 2017, it announced the elimination of 600 jobs, including a quarter of executives.
Mr Hogg did not mention any financial compensation for the passengers concerned by the data leak, unlike British Airways, which promised compensation following a similar incident.
The British airline revealed last month that it suffered an online theft of personal and financial data of customers between late August and early September. This computer fault, repaired since, could concern 380 000 people.
These revelations come only a few months after the European Union strengthened its data protection laws with its General Data Protection Regulation (GDPR).