The breach, which was active for four years, resulted in the theft of personal information on more than 9 million people.

Dark Reading Staff, Dark Reading

March 4, 2020

1 Min Read

The UK's Information Commissioner's Office (ICO) has fined airline Cathay Pacific £500,000 — with a 20% discount to £400,000 if the penalty is paid by March 12 — for basic security inadequacies in a four-year data breach that lasted from 2014 until 2018.

As a result of the breach, the personal data of 9.4 million people was stolen. The stolen information included names, nationalities, dates of birth, phone numbers, email addresses, mailing addresses, passport details, frequent flier numbers, and travel histories.

Among the criticisms levied against Cathay Pacific is that it took months after the breach was found for the airline to notify regulators, a delay the company blamed on the need to fully understand the breach. Other "security inadequacies" noted in the order for the fine include failure to encrypt database backups containing personal data, failure to patch an Internet-facing server against a 10-year-old vulnerability, and using past-end-of-life operating systems on servers. 

For more, read here.

Edgepromohorizontal.jpgCheck out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "With New SOL4Ce Lab, Purdue U. and DoE Set Sights on National Security."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights