Cathay Pacific apologises to customers after 1,000 Asia Miles accounts hacked

Hong Kong’s flag carrier, Cathay Pacific Airways, has apologised to customers after about 1,000 accounts in its Asia Miles loyalty programme were hacked, with mileage stolen, and personal data and travel details compromised.

The airline said on Thursday that no credit card information was leaked despite the hack.

Cathay said its preliminary investigation suggested that the theft of Asia Miles by unauthorised parties was the “primary motivation”, although the misuse of personal data remained a possibility.

“The unauthorised parties used valid members’ credentials, some of which were found to be exposed on the internet, to log in and then fraudulently bypassed the secondary verification process to access Asia Miles in the accounts, by exploiting an issue in such a process,” it said.

“The secondary verification issue has already been rectified and the process further strengthened by Cathay to ensure similar incidents will not happen again.”

The company said that it had reported the case to the relevant authorities, including the privacy commissioner, and had also engaged an external expert to conduct a comprehensive independent investigation into the hacking.