Cathay Pacific fined by ICO for data breach

UK – The Information Commissioner’s Office (ICO) has fined Cathay Pacific Airways £500,000 for failing to protect customers’ personal data.

Cathay pacific_crop

Between October 2014 and May 2018, Cathay Pacific’s computer systems lacked sufficient security, which meant customers’ personal details were at risk.

This security breach affected 111,578 in the UK, and approximately 9.4m more worldwide.

The airline’s failure to secure its systems led to unauthorised access to passengers’ personal details including names, passport and identity details, dates of birth, postal and email addresses, phone numbers and historical travel information.

Cathay Pacific became aware of suspicious activity in March 2018 – when its database was subjected to a brute force attack, where numerous passwords or phrases are submitted with the hope of eventually guessing correctly.

Subsequently, Cathay Pacific employed a cyber-security firm, and they reported the incident to the ICO.

A catalogue of errors was found during the ICO’s investigation including: back-up files that were not password protected; unpatched internet-facing servers; use of operating systems that were no longer supported by the developer and inadequate anti-virus protection.

Steve Eckersley, ICO director of investigations, said: “This breach was particularly concerning given the number of basic security inadequacies across Cathay Pacific’s system, which gave easy access to the hackers. The multiple serious deficiencies we found fell well below the standard expected. At its most basic, the airline failed to satisfy four out of five of the National Cyber Security Centre’s basic Cyber Essentials guidance.”

The timing of this investigation by the ICO meant the case came under the Data Protection Act 1998 when the maximum financial penalty was £500,000.

We hope you enjoyed this article.
Research Live is published by MRS.

The Market Research Society (MRS) exists to promote and protect the research sector, showcasing how research delivers impact for businesses and government.

Members of MRS enjoy many benefits including tailoured policy guidance, discounts on training and conferences, and access to member-only content.

For example, there's an archive of winning case studies from over a decade of MRS Awards.

Find out more about the benefits of joining MRS here.

0 Comments


Display name

Email

Join the discussion

Newsletter
Stay connected with the latest insights and trends...
Sign Up
Latest From MRS

Our latest training courses

Our new 2025 training programme is now launched as part of the development offered within the MRS Global Insight Academy

See all training

Specialist conferences

Our one-day conferences cover topics including CX and UX, Semiotics, B2B, Finance, AI and Leaders' Forums.

See all conferences

MRS reports on AI

MRS has published a three-part series on how generative AI is impacting the research sector, including synthetic respondents and challenges to adoption.

See the reports

Progress faster...
with MRS 
membership

Mentoring

CPD/recognition

Webinars

Codeline

Discounts