{"id":13678,"date":"2018-10-25T11:10:03","date_gmt":"2018-10-25T19:10:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/10\/25\/news-7445\/"},"modified":"2018-10-25T11:10:03","modified_gmt":"2018-10-25T19:10:03","slug":"news-7445","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/10\/25\/news-7445\/","title":{"rendered":"Huge breach affects 9 million Cathay Pacific customers"},"content":{"rendered":"

Credit to Author: Christopher Boyd| Date: Thu, 25 Oct 2018 17:57:20 +0000<\/strong><\/p>\n

Airlines aren\u2019t having a good time of things at the moment. Even if you managed to dodge the recent British Airways fallout<\/a>, you may well be caught up in the latest breach affecting no fewer than 9 million customers of Cathay Pacific<\/a>.<\/p>\n

So what was taken? The impact this time around isn\u2019t so much where payment information is concerned, as the 403 credit card numbers the hackers grabbed had all expired, and the 27 live ones had no CVV stored. It isn\u2019t even passwords, as the airline claims none of those were grabbed. The issue is that the hackers took 860,000 passport numbers, 240 Hong Kong identity cards, and all personal data that goes with it.<\/p>\n

What Personally Identifiable Information (PII) was compromised?<\/h3>\n

Here’s what the criminals ran away with in the Cathay Pacific breach: PII. Namely: nationality, date of birth, name, address, email, telephone numbers, frequent flyer membership numbers, customer service remarks, and \u201chistorical travel information.\u201d The data accessed from passenger to passenger varies, so there\u2019ll be some with almost nothing to worry about and others wondering how they drew several short straws simultaneously.<\/p>\n

If you’re wondering why breachers continue to steal PII, this data is incredibly useful for anybody planning a targeted attack, be it phishing, social engineering, or plain old convincing malware. Some of the scams could easily become real-world issues, as opposed staying firmly behind the computer screen.<\/p>\n

At this point, we\u2019d typically advise anyone affected by the breach to be extremely cautious of any missive sent their way from those claiming to be Cathay Pacific. Don\u2019t hand over payment information to random phone callers, avoid clickable links in emails persuading you that your password has expired, and so on.<\/p>\n

There\u2019s only one slight problem with this: the breach apparently took place in March 2018, or at least that\u2019s when they discovered a breach had taken place. It then took until May for them to confirm data had been accessed without permission.<\/p>\n

As a result, it may not be much use at this point to say \u201cWatch out for this\u201d when it\u2019s already happened. If the airline is correct in its thinking that no data has been abused yet, then what you can do is visit the website<\/a> set up in the wake of the breach (called a \u201cData security event\u201d) and use the relevant link for US and non-US customers to get things moving.<\/p>\n

Note that Cathay Pacific points out they\u2019ll never ask for personal\/financial information related to this breach, and they also list a sole email point of contact for any further communications. Should you receive a note from an address other than the one mentioned, you can safely ignore it.<\/p>\n

To ease the fears of worried customers, Cathay Pacific are offering ID monitoring services.<\/a>\u00a0And if you\u2019re not sure if you\u2019ve been affected, you can send them a message<\/a> and they\u2019ll get back to you.<\/p>\n

Airlines are increasingly coming under attack from individuals with an eye for large pots of valuable customer data, and even their apps are considered fair game<\/a>. Whether large fines or other consequences for Cathay Pacific emerge remains to be seen, but taking to the skies is anxiety-filled enough without having to worry about the safety of your data back on terra firma. One would hope this is the last major airline breach we\u2019ll see for a while, but on the evidence we\u2019ve seen so far, they\u2019ll be a prime slice of hacker real estate for some time to come.<\/p>\n

The post Huge breach affects 9 million Cathay Pacific customers<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Christopher Boyd| Date: Thu, 25 Oct 2018 17:57:20 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
Airline company Cathay Pacific revealed that a huge breach took place in March 2018, affecting around 9 million customers. We take a look at some of the potential fallout.<\/p>\n

Categories: <\/p>\n