Cathay Pacific fined £500,000 for DP breach

Authors

Tom Gates

Counsel

London

Airlines aren't having a great time this week. The ICO announced this week enforcement action taken against Cathay Pacific for failing to secure its customers’ personal data, involving a "number of basic security inadequacies".

As the breach took place pre-GDPR, the enforcement powers in the preceding legislation (Data Protection Act 1998) applied.

The ICO found Cathay Pacific’s systems were entered via a server connected to the internet and malware was installed to harvest data. A catalogue of errors were found during the ICO’s investigation including: back-up files that were not password protected; unpatched internet-facing servers; use of operating systems that were no longer supported by the developer and inadequate anti-virus protection.
Read more

Authors

Tom Gates

Authors

Tom Gates

Counsel

London

Related insights

Our insights