Passport numbers, email addresses and expired credit card details were among the data leaked.
Chief executive Rupert Hogg apologized and said there was “no evidence” the information had been misused.
It comes weeks after British Airways revealed a major data leak had hit its customers.
The Hong Kong carrier said a wide range of personal information was accessed including passport details, identity card numbers, travel history and email addresses.
No passwords were compromised.
“We are very sorry for any concern this data security event may cause our passengers,” the airline’s chief executive Rupert Hogg said in a statement.
He said there was “no evidence that any personal data has been misused” and that the airline was in the process of contacting affected passengers.
“We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures,” Mr Hogg said.
Last month, British Airways said hackers managed to breach its website and app, stealing data from many thousands of customers in the process.
Air Canada app has suffered a data breach in August, resulting in the suspected loss of thousands of its customers’ personal details.
In April, Delta Airlines said credit card details of thousands of customers were exposed following a cyber attack on a vendor.
Shares of Cathay Pacific tumbled nearly 6% in Hong Kong trading on Thursday.