
Millions of passengers’ info exposed in major airline data breach

Data breaches are a modern-day scourge on society. A new one seems to pop up every day; whether you hear about it or not just depends on how massive it is.

Retail stores, popular chain restaurants, grocery stores, even medical records from hospitals are being targeted by criminals. We’re not safe no matter where we turn.

Now, it’s air travelers’ turn to worry about their personal data. That’s because millions of passengers’ info was recently exposed in a massive airline data breach.

Has your data been compromised?

If you’ve done business with Cathay Pacific airlines, there’s a chance that your critical data has been stolen. The company just admitted that over 9 million passengers had their information exposed in a data breach.

The airline is the main carrier in Hong Kong but has international flights to more than 30 countries, including the United States. Boston, Chicago, Los Angeles, Newark, New York City, San Francisco and Washington, D.C. are all cities that passengers fly into on the airline.

The company announced this week that the breach was discovered during “ongoing IT security processes.” Hackers accessed an information system that contains passenger data of up to 9.4 million people.

Unauthorized access was suspected as early as March of this year and was confirmed in May by an initial investigation.

So why are we just hearing about this now?

The following personal data was accessed:

  • Passenger names
  • Nationality
  • Date of birth
  • Phone numbers
  • Email addresses
  • Passport numbers
  • Identity card numbers
  • Frequent flyer membership numbers
  • Customer service remarks
  • Historical travel information

On top of all that data, over 400 expired credit card numbers were accessed along with 27 more credit card numbers with no CVV. The company said the combination of data accessed varies for every passenger.

Plus, no one’s travel or loyalty profile was accessed in full, and no passwords were compromised. If that makes you feel any better.

The company said that, to be safe, everyone with a Cathay Pacific account should change their password immediately. It’s also warning everyone to be on the lookout for phishing emails.

On the company’s security page, it posted, “We are aware that attempted phishing is taking place, and would like to remind people that emails related to this data security event will only be sent from If you are setting up optional ID monitoring, the website address to enter your activation code is Please do not click on any variations of this link.”

The company also wants customers to know that it will never request your personal or financial information, and will never ask for your password in an email. If you receive an email that seems suspicious, don’t click on any links, open any attachments, or reply to it.

Is there anything you can do now?

Whenever a major data breach occurs, there are security steps that we should all take. Here are some suggestions.

Beware of phishing scams 

Scammers will try to piggyback on data breaches like this. They will create phishing emails, pretending to be dealing with the Cathay Pacific breach, hoping to get victims to click on malicious links that could lead to more problems. In fact, the airline already acknowledged that phishing emails are being sent by crooks.

That’s why you should familiarize yourself with what phishing scams look like so you can avoid falling victim to one. Take our phishing IQ test to see if you can spot a fake email.

Keep an eye on your bank accounts 

You should already be frequently checking your bank statements for suspicious activity. It’s even more critical when there is a massive data breach. Thieves could have stolen enough information to break into your financial accounts.

If you see anything that seems strange, report it immediately to your bank. It’s the best way to keep your financial accounts safe.

Set up two-factor authentication 

Two-factor authentication (2FA) means that to log into your account, you need two ways to prove you are who you say you are. This is an extra layer of security that will help keep your accounts safe. Whenever 2FA is available, you should use it.

With 2FA set up on your accounts, a thief will need more than just a stolen password to break in. Click here to learn how to set up two-factor authentication.

Change your password

Whenever you hear news of a data breach, it’s a good idea to change your account passwords. This is especially true if you use the same credentials for multiple websites. If your credentials are stolen from a breach, criminals can test them on other sites to log into those accounts as well.

Another mistake people make is creating passwords that are too easy for hackers to crack. Read this article to help you create hack-proof passwords.

Get a free annual credit report

Under federal law, you are entitled to a free copy of your credit report every year from the three major credit reporting agencies, Experian, Equifax and TransUnion. It’s a good idea to check your credit report following data breaches to make sure everything is on the up-and-up. Click here to learn how to get a copy of your free annual credit report.
