Cathay Pacific started investigating a potential breach in March; by May they’d learned of breaches to a system with 9.4 million travelers’ data on it, then for some reason they didn’t tell anyone about it, until now: “The following personal data was accessed: passenger name; nationality; date of birth; phone number; email; address; passport number; identity card number; frequent flyer programme membership number; customer service remarks and historical travel information.” They are sorry if you are upset: “We are very sorry for any concern this data security event may cause our passengers.”