The Costs of Data Security and Breach: Cathay Pacific Airways Is Fined £500,000 - Clarip Privacy Blog

The Costs of Data Security and Breach: Cathay Pacific Airways Is Fined £500,000


After a year-long investigation, the UK’s Information Commissioner’s Office (ICO) issued its findings and the relevant fines for the Cathay Pacific Airways Limited security failures that occurred between 2014 and 2018.

The ICO found that Cathay was in violation of the UK’s Data Protection Act of 1998. Specifically, the ICO concluded that Cathay was deficient in implementing one of the Act’s requirements that “appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

Information such as customers’ names, passport and identity details, dates of birth, postal and email addresses, phone numbers, and travel information was accessed through malware that was installed in the Cathay systems via a server connected to the internet. Cathay’s security failures included continued use of operating systems that were no longer supported by the developer, backup files that were not password-protected, inadequate anti-virus protections, and unpatched internet-facing servers.

Cathay became aware of suspicious activity in March 2018 when its database was subjected to a brute force attack, in which numerous passwords or phrases are submitted in the hope of eventually guessing correctly. The incident led the company to engage a cybersecurity firm, and it subsequently reported the incident to the ICO.
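The brute force activity that alerted Cathay is the kind of pattern a defender can catch early from authentication logs. The following is an added example (not code from the page, Cathay, or the ICO) that flags a source once it produces a threshold of failed logins inside a sliding time window and records whether a successful login followed; the log layout and all sample lines are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample authentication log (not real Cathay data); the
# "timestamp STATUS user source" layout is an assumption for this example.
SAMPLE_LOG = """\
2018-03-10T02:14:01 FAIL admin 203.0.113.7
2018-03-10T02:14:02 FAIL admin 203.0.113.7
2018-03-10T02:14:02 FAIL root 203.0.113.7
2018-03-10T02:14:03 FAIL admin 203.0.113.7
2018-03-10T02:14:04 FAIL svc_backup 203.0.113.7
2018-03-10T02:14:06 OK admin 203.0.113.7
2018-03-10T02:20:00 FAIL alice 198.51.100.4
2018-03-10T02:31:00 FAIL alice 198.51.100.4
"""

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) (\S+) (\S+)$")


def parse(line):
    """Return (timestamp, status, user, source) or None for an unparseable line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Flag a source once it logs `threshold` failures inside a sliding window;
    a later successful login from a flagged source sets success_after=True."""
    recent = defaultdict(deque)  # source -> timestamps of failures in window
    alerts = {}                  # source -> alert dict (one alert per source)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, status, _user, src = rec
        if status == "FAIL":
            q = recent[src]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()  # drop failures that fell out of the window
            if len(q) >= threshold and src not in alerts:
                alerts[src] = {"source": src, "first": q[0], "last": ts,
                               "failures": len(q), "success_after": False}
        elif src in alerts:      # OK login after the source was flagged
            alerts[src]["success_after"] = True
    return list(alerts.values())
```

A flagged source followed by a successful login is the case to escalate first, since it means the guessing may have worked.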

The company was fined the maximum possible penalty under the Act, £500,000, a sum that is far more lenient than the fines that could have been imposed under the GDPR. Notably, under the Regulation, which came into effect after the breach had already occurred, Cathay could have been subject to penalties of up to 4 percent of its global turnover, the equivalent of 470 million pounds.

Last year, the ICO announced it would fine British Airways £183m for a breach of its systems, and the Marriott Hotel group £99.2m under the GDPR.
