Cathay Pacific warns 9.4 million passengers had data hacked, New Zealand helpline set up

Cathay Pacific is the second airline in two months to report a big data breach. Photo / Supplied

Cathay Pacific is warning passengers they may have been caught up in an international data hack of 9.4 million people.

The airline has set up helplines for worried passengers around the world, including New Zealand.

Data accessed included passenger names, nationality, date of birth, phone numbers, emails, addresses, passport numbers, identity card numbers, frequent flyer programme membership numbers, customer service remarks and historical travel information.

In addition, 403 expired credit card numbers were accessed. Twenty-seven credit card numbers with no CVV were accessed. The combination of data accessed varies for each affected passenger.

The airline says there was no evidence that any personal data has been misused.

Cathay Pacific's chief executive Rupert Hogg said the airline was ''very sorry'' for any concern this data security event may cause passengers.

"We are in the process of contacting affected passengers, using multiple communications channels, and providing them with information on steps they can take to protect themselves. We have no evidence that any personal data has been misused. No one's travel or loyalty profile was accessed in full, and no passwords were compromised."

Last month British Airways warned customers that about 380,000 card payments on its website and app were compromised during a 15-day data breach which meant the personal and financial details of customers making bookings over the period were compromised.

British Airways blamed sophisticated efforts by criminals for that hack.

Cathay said it had reported its breach to the Hong Kong police and would further strengthen its IT security measures.

It is not clear whether New Zealand passengers have been affected but the airline operates daily flights to Auckland, and over summer, to Christchurch.

Hogg said the IT systems affected were totally separate from its flight operations systems, and there was no impact on flight safety.

On a website set up in the wake of the breach, the airline says that ''in an abundance of caution'' it had taken the decision to notify everyone believed may have been affected.

''Where possible, we are offering ID monitoring services to affected passengers. This service monitors if your personal data may be available on public websites, chat rooms, blogs, and non-public places on the internet where data can be compromised such as dark web sites.''

The Cathay helpline number in New Zealand is 0800 456320 and the website is: infosecurity.cathaypacific.com.