The data of up to 9.4 million customers have been accessed illicitly in the latest data breach to target an airline carrier.

In the past year, several airlines have been targeted by hackers in an attempt to seize sensitive data. British Airways was hit in September; Air Canada and Delta were also targeted earlier in the year.

The Financial Times reports that Cathay Pacific first detected activity in March, and confirmed the suspicious activity in May. The airline is under criticism for delaying its disclosure of the breach.

According to Cathay, the exposed data varied by passenger. “Cathay said 860,000 passport numbers, about 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) were accessed in the breach,” writes Reuters.

But according to Financial Times, additional details like frequent flyer program and historical travel information were also accessed.

Cathay has said that there is no evidence that any of the personal information accessed has been misused. However, at least one cybersecurity expert suggests that conclusion could be premature.

Get the full story at Financial Times.