
Cathay Pacific Lands £500,000 Penalty For Negligence Over Data Leaks


The UK’s data watchdog has issued a £500,000 penalty to Cathay Pacific over a data leak in 2018. The leak exposed the details of 9.4 million of the airline’s customers, 111,578 of whom were from the UK.


The data leak occurred between October 2014 and May 2018. It exposed passengers’ names, passport and identity details, dates of birth, postal and email addresses, phone numbers, and travel history. It also exposed 430 credit card numbers, 27 of which were active.


The Information Commissioner’s Office (ICO) made the fine public after a lengthy investigation. The leak was first suspected in March 2018, after Cathay Pacific’s database experienced a brute force attack.


Further, the ICO’s investigation concluded that data-harvesting malware had also breached Cathay’s database. The investigation uncovered a range of shocking loopholes in Cathay’s security systems, including backup files with no password protection, an out-of-support OS, unpatched web-facing servers, and inadequate antivirus protection.


“This breach was particularly concerning given the number of basic security inadequacies across Cathay Pacific’s system, which gave easy access to the hackers. The multiple serious deficiencies we found fell well below the standard expected. At its most basic, the airline failed to satisfy four out of five of the National Cyber Security Centre’s basic Cyber Essentials guidance.


“People rightly expect when they provide their personal details to a company, that those details will be kept secure to ensure they are protected from any potential harm or fraud. That simply was not the case here,” the ICO’s director of investigations, Steve Eckersley, said.


“Under data protection law organisations must have appropriate security measures and robust procedures in place to ensure that any attempt to infiltrate computer systems is made as difficult as possible,” he added.


The penalty applied is the maximum punishment for the offence under UK law.

