Cathay Pacific fined over ‘serious’ cyber security breach
Cathay Pacific has been hit with a £500,000 fine for failing to protect the security of its customers’ personal data.
The penalty was imposed by the Information Commissioner’s Office (ICO) after the personal details of more than 9.5 million customers were exposed, including 111,578 from the UK, over almost four years from October 2014.
The airline’s failure to secure its systems resulted in the unauthorised access to their passengers’ personal details including names, passport and identity details, dates of birth, postal and email addresses, phone numbers and historical travel information.
The Hong Kong-based carrier became aware of suspicious activity in March 2018 when its database was subjected to a ‘brute force’ attack, where numerous passwords or phrases are submitted with the hope of eventually guessing correctly.
The incident led the airline to employ a cybersecurity firm and subsequently report the breach to the ICO.
Cathay Pacific’s systems were entered via a server connected to the internet and malware was installed to harvest data, the ICO found.