Cathay Pacific Airways Ltd. was fined 500,000 pounds ($639,000) by the UK’s privacy watchdog for failing to protect customers’ data due to security lapses lasting nearly four years.
The penalty is the highest the UK authority could levy under old rules that were replaced in May 2018 with tougher measures boosting regulators’ fining powers.
Between October 2014 and May 2018, Cathay Pacific’s computer systems “lacked appropriate security measures which led to customers’ personal details being exposed, 111,578 of whom were from the UK, and approximately 9.4 million more worldwide,” the UK Information Commissioner’s Office said in a statement on its website on Wednesday.
“This breach was particularly concerning given the number of basic security inadequacies across Cathay Pacific’s system, which gave easy access to the hackers,” Steve Eckersley, the ICO’s director of investigations, said in the statement. “The multiple serious deficiencies we found fell well below the standard expected.”
The airline is held responsible for failing to prevent “the unauthorized access to their passengers’ personal details,” including names, passport and identity details, the ICO added.
The UK ruling is another setback for the airline, which has slashed capacity as it copes with a reduction in travel demand amid the spread of the coronavirus and political protests in it’s home market of Hong Kong.
Cathay Pacific said in an emailed statement said it regrets the incident and has spent “substantial amounts” on IT infrastructure and security over the past three years.
“We have co-operated closely with the ICO and other relevant authorities in their investigations,” the company said. “Our investigation reveals that there is no evidence of any personal data being misused to date” and the airline “will continue to invest in and evolve our IT security systems.”
- British Airways Faces Record $230M Fine for Data Breach Under New GDPR Rules
- Hong Kong’s Privacy Watchdog Slams Cathay Pacific for 2018 Data Breach
- British Airways’ Data Breach Was More Extensive than Original Estimates
- Cathay Pacific’s Data Breach Scrutinized by 27 Regulators in 15 Jurisdictions
- Biggest Airline Data Breach Lasted for Months, Confirms Cathay Pacific
- World’s Biggest Airline Data Breach at Cathay Pacific Probed by Hong Kong Watchdog
- Cathay Pacific Cyber Attack Is World’s Biggest Airline Data Breach
- British Airways Says ‘Sophisicated’ Hacker Stole Data on 380,000 Customers
Was this article valuable?
Here are more articles you may enjoy.