The breach, which was active for four years, resulted in the theft of personal information on more than 9 million people.
The UK's Information Commissioner's Office (ICO) has fined airline Cathay Pacific £500,000 — with a 20% discount to £400,000 if the penalty is paid by March 12 — for basic security inadequacies in a four-year data breach that lasted from 2014 until 2018.
As a result of the breach, the personal data of 9.4 million people was stolen. The stolen information included names, nationalities, dates of birth, phone numbers, email addresses, mailing addresses, passport details, frequent flier numbers, and travel histories.
Among the criticisms levied against Cathay Pacific is that it took months after the breach was found for the airline to notify regulators, a delay the company blamed on the need to fully understand the breach. Other "security inadequacies" noted in the order for the fine include failure to encrypt database backups containing personal data, failure to patch an Internet-facing server against a 10-year-old vulnerability, and using past-end-of-life operating systems on servers.
For more, read here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "With New SOL4Ce Lab, Purdue U. and DoE Set Sights on National Security."
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024