Cathay Pacific gets fined

Data Protection Act 1998 conditioned the issue of a £500 000 fine – the biggest penalty stipulated by the Act – for Cathay Pacific following the data breach which occurred between 2014-2018.

As the incident happened before GDPR came into force the new European law will not affect the company.

Personal data of 9.4 million passengers was impacted between October 2014 and May 2018. Names, passport details, a number of credit cards, dates of birth, emails, addresses, phones and travel history information got exposed.

Cathay Pacific appeared to make a few security mistakes – backup files were unprotected, web-facing servers happened to be unpatched, OS lacked support and antivirus didn’t meet the requirements.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.