HONG KONG — Cathay Pacific Airways Ltd., Asia’s biggest international carrier, said a hacker gained access to information on about 9.4 million passengers, the third major global airline to report a data breach this year. The stock fell to the lowest level in more than nine years.

The Hong Kong-based carrier discovered suspicious activity on its network in March and confirmed the unauthorized access to some personal data in May, it said late Wednesday (Oct 24). There’s no evidence any information has been misused and flight safety hasn’t been compromised, it said.

British Airways Plc and Delta Air Lines Inc. also flagged similar hacking that exposed hundreds of thousands of customers as airlines boost spending to improve cyber security and prevent hacks into their systems that store sensitive personal and financial information such as credit cards. The data breach at Cathay Pacific — a partner of British Airways in the Oneworld airline alliance — adds to the woes of Chief Executive Officer Rupert Hogg, who has been attempting to turn around the fortunes of the marquee carrier after two straight annual losses.

Cathay Pacific shares fell as much as 6.7 percent to their lowest intraday level since June 2009. The stock has fallen 18 percent this year.

What got exposed?

Names, nationalities, dates of birth, telephone numbers, email, physical addresses, numbers for passports, identity cards and frequent-flier programs, and historical travel information. 403 expired credit card numbers 27 credit numbers with no CVV, or a security code About 860,000 passport numbers 245,000 Hong Kong IDs

“We are very sorry for any concern this data security event may cause our passengers,” Mr Hogg said in a statement on the carrier’s website. “We are in the process of contacting affected passengers, using multiple communication channels, and providing them with information on steps they can take to protect themselves."

Hong Kong’s privacy commissioner expressed serious concern over the leak and said the office will initiate a compliance check with the airline. A dedicated website, infosecurity.cathaypacific.com, provides information about the event and what affected passengers should do next.

Upon discovery, Cathay said it took immediate action to contain the event and started a “thorough” probe with the assistance of a cybersecurity firm and bolstered its network security.

Mr Hogg has reduced jobs starting with the carrier’s head office in Hong Kong to cut costs and introduced better business-class services on long-haul flights to help lure premium passengers. BLOOMBERG