Last month, news outlets reported that Hong Kong-based Cathay Pacific suffered the world’s worst cyberattack on an airline company, with over 9 million customers having their personal and financial details exposed.
At the time, the company said that there was “suspicious activity” on its network, undermining the security of their customers’ data.
However, it was revealed this week that the attack was much more serious and sustained than first thought.
Cathay Pacific admitted that it had been the victim of an intense cyberattack lasting more than three months, leading both internal and external IT experts to focus only on containing the attack and preventing future attacks from March to May this year. The attack continued beyond May.
This account of events contradicts what the company said in October regarding the attack and the severity of it.
The admission was made in a written statement to lawmakers in Hong Kong as the airline’s management were set to come under scrutiny at a committee meeting. The statement also said:
Throughout our investigation into this incident, our foremost objective and primary motivation has been to support our affected passengers by providing accurate and meaningful information.
The investigation was complex, longer than what we would have wished, and we would have liked to have been able to provide this information sooner.
Despite their apologies for their handling of the issue, the company is already the subject of a police investigation and formal investigation by the Hong Kong privacy watchdog.
Several news outlets have reached out to Cathay Pacific for comment.