Security News > 2020 > March > Cathay Pacific Airways Fined Over Long-Running Breach
The UK Information Commissioner's Office announced Wednesday that it has fined Hong Kong based Cathay Pacific Airways Ltd the maximum possible £500,000 following a long-running breach that occurred between October 2014 and May 2018.
The current UK Data Protection Act 2018 came into force 12 days after the breach was remedied on May 23, 2018.
It is worth noting that the Cathay Pacific fine is considerably more than the ICO GDPR fine of $230 million against British Airways for its breach in 2018.
Cathay Pacific claims it was because of a data migration; but that migration must either have been in progress for the entire three years of the breach, or the company knows when the database was accessed.
"If appropriate steps had instead been taken," adds the Notice, "They could have prevented or limited the scope or impact of the data breach, and/or ensured that the breach could have been detected and remedied sooner."