Cathay Pacific, Hong Kong’s flag carrier commercial airline, has revealed that personal information on up to 9.4 million customers was subject to ‘unauthorized access’.

The company claims it has ‘no evidence that personal data has been misused’. The full list of personal data accessed is extensive, the most alarming specifics being the names of passengers, their nationalities, dates of birth, telephone numbers, email, physical addresses and passport numbers.

403 expired credit card numbers and 27 credit card numbers with no CVV were also accessed, in addition to 245,000 Hong Kong identity card numbers.

Cathay Pacific is in the process of informing the affected passengers and has notified Hong Kong Police and relevant authorities. The data accessed varies from passenger to passenger, and compensation is yet to be discussed.

Cathay Pacific is understood to have first been aware of suspicious activity on its network in March of this year and confirmed unauthorized access to personal data in May, but Chairman John Slosar has defended the company’s silence on the matter. He said: “I’d like to make it absolutely clear that there was never any attempt to cover anything up.

“I see it as one of the most serious crises that our airline has ever faced.”

The company has come under widespread criticism for its handling of the news, with affected customers only learning of the breach through media reporting of it, with outreach on Cathay Pacific’s behalf only taking place the day after the story broke.

If you believe you may have been affected but are yet to be contacted by Cathay Pacific you can contact it online at infosecurity.cathaypacific.com – a new website dedicated to helping customers following the breach. The airline has also suggested that you should change your password if you hold an online account with it.

While an airline data breach of this scale is unprecedented, you should always take the utmost care when using the web aboard a flight or in an airport terminal. The public WiFi connections there are more often than not unprotected and, with so many people using them at any given time, you never know who you may be sharing a connection with.

We’d recommend you never process any sensitive personal data over those connection without a strong VPN to protect you. You’ll be much safer should you opt for any of our Best VPNs of 2018.