The Information Commissioner’s Office (ICO) has fined Cathay Pacific for failing to protect the security of its customers’ personal data.
Cathay Pacific has been fined £500,000 for failing to protect its customers’ personal data, 111,578 of whom were from the UK, with 9.4 million more being affected worldwide.
The ICO’s investigation found many errors, including back-up files that were not password protected, operating systems that were no longer supported by the developer and inadequate anti-virus protection. This combination of problems, along with other issues, allowed hackers to gain unauthorised access to passengers’ personal details including names, passport and identity details, dates of birth, postal and email addresses, phone numbers and historical travel information.
Steve Eckersley, ICO director of investigations, said: ‘This breach was particularly concerning given the number of basic security inadequacies across Cathay Pacific’s system, which gave easy access to the hackers.’ The £500,000 fine was the maximum available under the Data Protection Act 1998, which applied in this case due to the timing of these incidents.
The General Data Protection Regulation (GDPR) regime, which came into effect from 25 May 2018, allows for much larger fines.