Cathay Pacific, the Hong Kong-based international airline recently acknowledged that its computer system had been compromised at least seven months ago, exposing the personal data and travel histories of as many as 9.4 million people.

The breach involved private user information, including phone numbers, dates of birth, frequent flier membership numbers and passport and government ID numbers, as well as information on passengers’ past travels. The airline said that 27 credit card numbers — but not their corresponding security codes — had been obtained, as had 403 expired credit card numbers.

The company said that no passwords were compromised, and that the breach would not affect flight operations or safety. It said it learned in May that passenger data had been exposed after first discovering suspicious activity on its network in March. It did not immediately respond when asked whether it had any indication of who was responsible, and why it did not announce the breach earlier.

Source: New York Times