Cathay Pacific Airways has discovered an IT security breach to its information system, which contains passenger data of up to 9.4 million people.

The unauthorized access was uncovered during the airline’s “ongoing security processes,” the carrier announced Oct. 24.

The Hong Kong-based carrier said it has contained the situation and believes no personal information or passwords were compromised, and travel profiles were not fully accessed.

Cathay also added the affected IT systems are isolated from flight operation systems, and flight safety was not affected.

The oneworld member said the following data was accessed: passenger name, nationality, date of birth, phone number, email, address, passport number, identity card number, frequent flyer program membership number, customer service remarks and travel history.

In addition, 27 credit card numbers with no CVVs were accessed, along with 403 expired credit card numbers.

“We are very sorry for any concern this data security event may cause our passengers,” Cathay Pacific CEO Rupert Hogg said in a statement. “We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures.”

The Hong Kong police was notified of the incident and the airline continues to inform relevant authorities.

This is the second high-profile IT breach in as many months to hit the oneworld group. A cyberattack on British Airways’ IT system in August-September resulted in the details of some 380,000 financial transactions by the company’s passengers being stolen.

Chen Chuanren,