The target: Cathay Pacific Airlines, a Hong Kong airline.
The take: Personal information including names, dates of birth, addresses, and some passport numbers and e-mail address for 9.4 million clients.
The attack vector: It’s believed that vulnerabilities were discovered and exploited due to poor planning and a failure to adapt security practices and postures during a transition from legacy IT systems to cloud-based infrastructure.