Security News > 2020 > March > UK data watchdog slaps a £500,000 fine on Cathay Pacific for 2018 9.4m customer data leak
The Information Commissioner's Office has fined Cathay Pacific Airways £500,000 for leaky security that exposed the personal data of 9.4 million passengers - 111,578 of whom were from the UK. The breach, which occurred between October 2014 and May 2018, exposed passengers' names, passport and identity details, dates of birth, postal and email addresses, phone numbers, and travel history, as well as 430 credit card numbers, 27 of which were active.
The unauthorised access was first suspected in March 2018, when Cathay's database suffered a brute force attack, and confirmed in May. A Cathay Pacific spokesman said at the time that the combination of data accessed varied for each affected passenger.
In response, Cathay Pacific said in a statement: "We have co-operated closely with the ICO and other relevant authorities in their investigations. Our investigation reveals that there is no evidence of any personal data being misused to date."
The £500,000 fine is the maximum penalty that can be applied under the Data Protection Act 1998.
The news comes on the back of the ICO's record £183m fine on British Airways last month, after a breach in 2018 exposed roughly 500,000 passengers' details.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/04/ico_fines_cathay_pacific_500000/
Related news
- Toyota confirms breach after stolen data leaks on hacking forum (source)
- Brain Cipher claims attack on Olympic venue, promises 300 GB data leak (source)
- Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations (source)
- A data leak and a data breach (source)
- 5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage (source)