Cathay Pacific says the personal data of up to 9.4 million passengers have been accessed in the latest security breach to hit the aviation industry.
Passport numbers, email addresses and expired credit card details were among the data leaked.
Chief executive Rupert Hogg apologised and said there was “no evidence” the information had been misused.
It comes weeks after British Airways revealed a major data leak had hit its customers.
The Hong Kong carrier said a wide range of personal information was accessed including passport details, identity card numbers, travel history and email addresses.
No passwords were compromised.
“We are very sorry for any concern this data security event may cause our passengers,” the airline’s chief executive Rupert Hogg said in a statement.
He said there was “no evidence that any personal data has been misused” and that the airline was in the process of contacting affected passengers.
- Cathay Pacific lets female crew wear trousers
- Airline spells own name wrong on plane
“We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures,” Mr Hogg said.
Air Canada app has suffered a data breach in August, resulting in the suspected loss of thousands of its customers’ personal details.
In April, Delta Airlines said credit card details of thousands of customers were exposed following a cyber attack on a vendor.
Shares of Cathay Pacific tumbled nearly 6% in Hong Kong trading on Thursday.