Cathay Pacific airway fined £0.5m by ICO for cyber-attack
Part of the cost of cyber-attacks
4th March 2020
Cathay Pacific airways has been fined £0.5m (the pre-GDPR maximum) by the UK ICO after a server connected to the internet was hacked and malware installed in early 2018 (i.e. before “GDPR-day” on 25th May 2018).
9.4m customers’ details were accessed, including over 100k UK customers. Data included names, passport and identity details, dates of birth, postal and email addresses, phone numbers and historical travel information.
The ICO highlighted several basic information security control failures including back-up files that were not password protected; unpatched internet-facing servers; use of operating systems that were no longer supported by the developer and inadequate anti-virus protection.