Cathay Pacific gets fined

05.03.2020

Back to news

Data Protection Act 1998 conditioned the issue of a £500 000 fine – the biggest penalty stipulated by the Act – for Cathay Pacific following the data breach which occurred between 2014-2018.

As the incident happened before GDPR came into force the new European law will not affect the company.

Personal data of 9.4 million passengers was impacted between October 2014 and May 2018. Names, passport details, a number of credit cards, dates of birth, emails, addresses, phones and travel history information got exposed.

Cathay Pacific appeared to make a few security mistakes – backup files were unprotected, web-facing servers happened to be unpatched, OS lacked support and antivirus didn’t meet the requirements.