Hong Kong flag carrier Cathay Pacific said Wednesday that a data breach exposed personal information of up to 9.4 million passengers, but said it had no evidence that any of the data had been misused.
Cathay confirmed the breach while investigating an earlier discovery that data had been compromised, Reuters reports. The announcement follows a string of breaches at other major carriers, including Delta, Boeing and British Airways.
Flight systems and safety were not affected by the breach, the company said, as the IT systems affected were wholly separate from operational equipment.
Information accessed without authorization includes about 860,000 passport numbers and 403 expired credit card numbers, Cathay said. Other information likes names, nationalities, dates of birth, phone numbers, emails and addresses were also leaked, but passwords were not affected.
“We are very sorry for any concern this data security event may cause our passengers,” Cathay Pacific Chief Executive Rupert Hogg said in a statement.
“We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures,” he continued.
Cathay is contacting affected passengers to assist with data protection, according to the statement.