Cathay Pacific, Hong Kong’s flag carrier, announced that they’d discovered a cyber-breach affecting millions of their customers.

The sensitive information of nearly 10 million people might have been accessed by cybercriminals. According to the Asian airline operator, hackers might have stolen personal records that include name; nationality; date of birth; phone number; passport number; credit card numbers; email; address; customer service remarks and historical travel information. According to CNN Business, the data leak included approximately 860,000 passport numbers and roughly 250,000 identity card numbers. Cathay might be based in Asia but serves multiple countries across four continents, and the victims include US residents.

According to Cathay Pacific, the airline initially discovered suspicious activity back in March 2018.

They tackled the problem by cooperating with a cyber-security firm and by allocating money to strengthen their IT systems. After two months of thorough internal investigation, the company confirmed that there had been unauthorized access to sensitive data. The Asian airline said no passwords have been stolen and failed to announce the breach for nearly six months stating that they have used the time to analyze the data with hopes to potentially identify the identity of the criminals and the names of the affected passengers. The airline is currently contacting some of the affected passengers. It is currently unknown who is behind the cyber-attack.

Cathay invites every passenger concerned about the breach to submit a data security event inquiry form, especially if they have flown with Cathay over the last few years. Cathay said that even if you are affected, they won’t be contacting you unless you are a member of the Marco Polo Club, Asia Miles or have a Registered Account.

The news comes only two months after hackers claimed the scalp of another major airline carrier – British Airways. While Cathay Pacific’s data breach seems more alarming than the one that affected UK’s flag carrier, the ongoing investigation performed by International Airlines Group confirmed that the largest airline in the United Kingdom might have exposed the personal details of more than half a million people, instead of the 380,000 that they initially announced. Air Canada also had recent cybersecurity issues – more than 1.7 million Canada Air customers were locked out of the company’s app after Canada Air realized that the data of roughly 20,000 might have already been accessed by cybercriminals.

While Cathay’s shared plummeted with 6%, the shareholders might not be the only ones suffering from the data breach. The personal information stolen from the airline company could be used by cybercriminals for malicious purposes such as identity theft. Cathay Pacific said that the combination of personal data accessed by the cybercriminals might vary for each victim. The only way to prevent hackers from stealing the missing piece from the puzzle is to have all your connected device secured by quality anti-virus software.