Cathay Pacific Airways Limited fined 500,000 pounds in UK for data breach

Cathay Pacific Airways Limited fined 500,000 pounds in UK for data breach
Published on

London: The UK's data protection watchdog has fined Cathay Pacific Airways Limited 500,000 pounds for failing to protect the security of its customers' personal data.

Between October 2014 and May 2018, Cathay Pacific's computer systems lacked appropriate security measures which led to the exposure of personal data of approximately 9.4 million customers worldwide -- 111,578 of whom were from the UK.

The airline's failure to secure its systems resulted in the unauthorized access to their passengers' personal details including names, passport and identity details, dates of birth, postal and email addresses, phone numbers, and historical travel information, said the UK's Information Commissioner's Office (ICO) on Wednesday.

Cathay Pacific became aware of suspicious activity in March 2018 when its database was subjected to a brute force attack, where numerous passwords or phrases are submitted with the hope of eventually guessing correctly.

The incident led Cathay Pacific to employ a cybersecurity firm, and they subsequently reported the incident to the ICO.

The ICO found Cathay Pacific's systems were entered via a server connected to the Internet and malware was installed to harvest data.

A catalog of errors was found during the ICO's investigation including back-up files that were not password protected; unpatched Internet-facing servers; use of operating systems that were no longer supported by the developer and inadequate anti-virus protection.

"People rightly expect when they provide their personal details to a company, that those details will be kept secure to ensure they are protected from any potential harm or fraud. That simply was not the case here," Steve Eckersley, ICO Director of Investigations, said in a statement.

"This breach was particularly concerning given the number of basic security inadequacies across Cathay Pacific's system, which gave easy access to the hackers," Eckersley said. (IANS)

Top News

No stories found.
Sentinel Assam
www.sentinelassam.com