Security News > 2020 > March > UK data watchdog slaps a £500,000 fine on Cathay Pacific for 2018 9.4m customer data leak
The Information Commissioner's Office has fined Cathay Pacific Airways £500,000 for leaky security that exposed the personal data of 9.4 million passengers - 111,578 of whom were from the UK. The breach, which occurred between October 2014 and May 2018, exposed passengers' names, passport and identity details, dates of birth, postal and email addresses, phone numbers, and travel history, as well as 430 credit card numbers, 27 of which were active.
The unauthorised access was first suspected in March 2018, when Cathay's database suffered a brute force attack, and confirmed in May. A Cathay Pacific spokesman said at the time that the combination of data accessed varied for each affected passenger.
In response, Cathay Pacific said in a statement: "We have co-operated closely with the ICO and other relevant authorities in their investigations. Our investigation reveals that there is no evidence of any personal data being misused to date."
The £500,000 fine is the maximum penalty that can be applied under the Data Protection Act 1998.
The news comes on the back of the ICO's record £183m fine on British Airways last month, after a breach in 2018 exposed roughly 500,000 passengers' details.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/04/ico_fines_cathay_pacific_500000/
Related news
- 5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage (source)
- Pokemon dev Game Freak confirms breach after stolen data leaks online (source)
- Troubled US insurance giant hit by extortion after data leak (source)
- Interbank confirms data breach following failed extortion, data leak (source)
- Ford investgates alleged breach following customer data leak (source)
- Ford investigates alleged breach following customer data leak (source)