Data Breach fine

Data Breach fine

The Information Commissioner’s Office (ICO) has fined Cathay Pacific Airways £500,000 for failing to protect customers’ personal data.

A Cathay Pacific plane lands on the tarmacThe UK watchdog said the airline’s computer systems had exposed details of 111,578 UK residents and a further 9.4 million people from other countries.

These included names, passport details, dates of birth, phone numbers, addresses and travel history.

“Appropriate security” was not in place between October 2014 and May 2018.

The ICO said Cathay Pacific became aware of a problem in March 2018, when it suffered a “brute force” password-guessing attack.

The Hong Kong-based firm reported this to the ICO. The regulator said it subsequently uncovered “a catalogue of errors” during a follow-up investigation, including:

  • back-up files that were not password protected
  • internet-facing servers without the latest patches
  • operating systems that were no longer supported by the developer
  • inadequate anti-virus protection

At least one attack involved a server with a known vulnerability – but the fix was never applied, despite having been public knowledge for more than 10 years.

Related Posts

crippling reality of a lack of support and equipment faced by some health-care workers in England.

As the death toll from coronavirus continues to climb, hospitals across the...

Coronavirus: Six things that are booming in sales

1. Bicycles and exercise gear 2. Outdoor and indoor games 3. Home and garden...

Devolved finance ministers seek urgent UK Budget meeting

Finance ministers from NI, Scotland and Wales have written a joint letter...