Daxdi now accepts payments with Bitcoin

Cathay Pacific Fined $640K for Poor Data Protection

Cathay Pacific Airways has been fined £500,000 (approximately $640,000) by the UK’s Information Commissioner's Office (ICO) for failing to protect customers’ personal data.

As the BBC reports, 111,578 people in the UK and approximately 9.4 million more people worldwide had their data exposed between October 2014 and May 2018.

The data includes customers’ names, passport details, dates of birth, phone numbers, addresses, and travel histories.

Since the breach happened before GDPR (General Data Protection Regulation) took effect, the airline avoided being fined up to £470m - four percent of its annual global turnover.

Instead, it has been fined the maximum that the ICO can levy under the UK’s Data Protection Act of 1998.

The airline said it became aware of the issue when it was the victim of a brute force attack in 2018.

After reporting the attack to the ICO, it was found that the Hong Kong airline had not password-protected its backup files, had internet-facing servers that were not updated, operating systems that were no longer supported by the developers, and poor antivirus protection.

One attack on a server involved a vulnerability that had been known for over a decade, yet the fix had not been applied by the airline.

In a statement to the BBC, Steve Eckersley, the ICO's director of investigations, said there were "a number of basic security inadequacies across Cathay Pacific's system, which gave easy access to the hackers."

Recommended by Our Editors

This is not the first time that an airline has faced a large fine because of an inability to sufficiently protect the data of its customers.

In July 2019, British Airways was fined $229m for a data breach the previous year which allowed hackers access the names, email addresses, and credit card numbers of 500,000 customers.

Cathay Pacific Airways has been fined £500,000 (approximately $640,000) by the UK’s Information Commissioner's Office (ICO) for failing to protect customers’ personal data.

As the BBC reports, 111,578 people in the UK and approximately 9.4 million more people worldwide had their data exposed between October 2014 and May 2018.

The data includes customers’ names, passport details, dates of birth, phone numbers, addresses, and travel histories.

Since the breach happened before GDPR (General Data Protection Regulation) took effect, the airline avoided being fined up to £470m - four percent of its annual global turnover.

Instead, it has been fined the maximum that the ICO can levy under the UK’s Data Protection Act of 1998.

The airline said it became aware of the issue when it was the victim of a brute force attack in 2018.

After reporting the attack to the ICO, it was found that the Hong Kong airline had not password-protected its backup files, had internet-facing servers that were not updated, operating systems that were no longer supported by the developers, and poor antivirus protection.

One attack on a server involved a vulnerability that had been known for over a decade, yet the fix had not been applied by the airline.

In a statement to the BBC, Steve Eckersley, the ICO's director of investigations, said there were "a number of basic security inadequacies across Cathay Pacific's system, which gave easy access to the hackers."

Recommended by Our Editors

This is not the first time that an airline has faced a large fine because of an inability to sufficiently protect the data of its customers.

In July 2019, British Airways was fined $229m for a data breach the previous year which allowed hackers access the names, email addresses, and credit card numbers of 500,000 customers.

Daxdi

pakapuka.com Cookies

At pakapuka.com we use cookies (technical and profile cookies, both our own and third-party) to provide you with a better online experience and to send you personalized online commercial messages according to your preferences. If you select continue or access any content on our website without customizing your choices, you agree to the use of cookies.

For more information about our cookie policy and how to reject cookies

access here.

Preferences

Continue