The Cathay Pacific data breach - Revolut reacts
On Wednesday, Cathay Pacific airlines announced that it had been involved in a data breach which affected over 9 million passengers. The company confirmed that one of its subsidiaries in Hong Kong had been hacked and that passenger data had been accessed without authorisation.
How did this happen? ๐ง
At 4:24PM BST, Cathay tweeted it had discovered unauthorised access to some of their passengers' data, but they were reluctant to reveal more details at the time.
We have discovered unauthorised access to some of our passenger data. For Data Security Event support, please DM @cxinfosec for assistance.
— Cathay Pacific (@cathaypacific) October 24, 2018
Soon after, the company confirmed the breach originated from its Hong Kong Dragon Airlines Limited unit, which resulted in a variety of customer information being accessed by hackers.
What kind of data was breached? ๐ค
Cathay reported that 860,000 passport numbers, approx. 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification code (CVC) were accessed in the breach.
Cathay Pacific also issued a statement confirming that the data being breached includes the names of passengers, nationalities, dates of birth, telephone numbers, email and physical addresses, passport numbers, identity card numbers and historical travel information. The company added that the Hong Kong Police had been notified about the incident and that there was no evidence of any personal information being misused.
How did Revolut respond? ๐ช๐ป
On Wednesday evening, we started an internal investigation lead by multiple departments including compliance, finance, data science, legal and risk, working in collaboration to uncover the impact of this breach on our community.
On Thursday morning, we identified 81 Revolut users, who collectively made 128 purchases from the airline. We reached out to all affected users via email, informing them about the breach and any next steps.
We also took to social media to inform our community about the breach and reassure our customers that we were aware of the issue, and that all the necessary precautions were being taken to help mitigate risks.
If you haven't received an email from us, then you haven't been affected by the breach, so you have nothing to worry about. However, if you're concerned and you believe that you might have been affected, you can register your interest directly with Cathay Pacific here and wait for an individual response from the company. Our customer support agents are also on stand-by to answer any questions you might have about this incident.
What are the next steps? ๐ถโโ๏ธ
At Revolut, we take the security of our customers data very seriously. While there is no evidence that any personal information has been used without your knowledge or your consent - our 24-hour, seven-days-a-week, compliance team, are proactively monitoring accounts, to ensure there are no adverse consequences from this incident.
At this time, there is no evidence that any of the personal data has been misused, but Cathay Pacific recommends customers still follow the steps outlined on the page to protect against potential risks they may face.
We recommend you always use the advanced security features included with your Revolut account, as well as paying with Disposable and Virtual Cards online, which help to protect you and your money, in the face of data breaches and cybercrime in general.
Join Revolut for Free
Manage your everyday spending with powerful budgeting and analytics, transfer money abroad, spend easily in the local currency, and so much more. Join 25M+ already using Revolut.