In one of the worst data breaches in history to hit the airline industry, Cathay Pacific Airways revealed on October 24, 2018, that the personal information of up to 9.4 million passengers of the airline and its unit Hong Kong Dragon Airlines (or “Cathay Dragon”) were hacked earlier this year.

“I would like to personally inform you that we discovered unauthorized access to the passenger data of up to 9.4 million people,” Cathay Pacific CEO Rupert Hogg said in a video message posted on the company’s website on October 25, 2018, updating the airline’s passengers.

In an earlier statement, Cathay said it had discovered the data breach “as part of its ongoing IT security processes”. Apparently, the company initially discovered suspicious activity on its network back in March 2018.

Following investigations, in May 2018, the company was able to confirm that certain personal data had been accessed without authorization, CNN reports. It had since been been analyzing the data to identify which passengers were affected.

“Upon discovery, we acted immediately to contain the event and thoroughly investigate. We engaged one of the world’s leading cybersecurity firms to assist us and we further strengthened our IT security measures too,” Hogg assured.

Cathay said the accessed data includes passenger names, nationalities, dates of birth, telephone numbers, emails and addresses, passport numbers, identity card numbers and historical travel information.

So far it is known that a total of 860,000 passport numbers, about 245,000 Hong Kong identity card numbers, as well as 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) were accessed in the breach, Reuters reports. According to the carrier, however, the combination of data accessed varies from passenger to passenger.

What will be a definite sigh of relief for Cathay’s customers is that, according Hogg, no passwords or miles were compromised in the breach: “We have no evidence that any personal data has been misused. No-one’s travel or loyalty profile was accessed in full, and no passwords were compromised.”

Cathay Pacific has repeatedly apologized for the “concern” caused to passengers by the hack. The company stated it had notified the Hong Kong Police and relevant authorities and was contacting affected passengers.

Cathay's embarrassing passenger data breach comes only a month after British Airways revealed that credit card details of about 380,000 of its customers were stolen over a two-week period between August 21, 2018, and September 5, 2018.

Forget tackling a major public relations disaster; BA has landed in hot water not only with customers, but also with the British authorities (hint: fines of up to $637 million). And then there are the shareholders, who may have to accept a lower profit as a result of the breach.