You are here: Home - Saving & Banking - News -

Cathay Pacific fined over breach exposing 100,000 UK customer details

Written by:
Cathay Pacific has been slapped with a £500,000 fine over a breach which compromised the personal details of 111,000 UK customers.

The international airline’s computer system “lacked appropriate security measures” which resulted in names, passport and identity details, dates of birth, postal and email addresses, phone numbers and historical travel information of 9.4 million customers worldwide being exposed.

This was over a near four-year period between October 2014 and May 2018, affecting 111,578 UK customers, according to the Information Commissioner’s Office (ICO).

However, Cathay Pacific only became aware of suspicious activity in March 2018 when its database was subjected to a ‘brute force attack’, where numerous passwords or phrases are submitted with the hope of eventually guessing correctly.

The incident led Cathay Pacific to employ a cybersecurity firm, and it reported the incident to the ICO.

The ICO found Cathay Pacific’s systems were entered via a server connected to the internet and malware was installed to harvest data. Numerous errors were found during the ICO’s investigation including: back-up files that weren’t password protected; unpatched internet-facing servers; use of operating systems that were no longer supported by the developer and inadequate anti-virus protection.

‘Basic security inadequacies’

Steve Eckersley, ICO director of investigations, said: “People rightly expect when they provide their personal details to a company, that those details will be kept secure to ensure they are protected from any potential harm or fraud. That simply was not the case here.

“This breach was particularly concerning given the number of basic security inadequacies across Cathay Pacific’s system, which gave easy access to the hackers. The multiple serious deficiencies we found fell well below the standard expected. At its most basic, the airline failed to satisfy four out of five of the National Cyber Security Centre’s basic Cyber Essentials guidance.

“Under data protection law organisations must have appropriate security measures and robust procedures in place to ensure that any attempt to infiltrate computer systems is made as difficult as possible.”

The ICO added that as well as acting promptly in seeking expert assistance from a leading cyber security firm, Cathay Pacific also issued appropriate information to affected individuals and co-operated with the ICO’s investigation. has approached Cathay Pacific for comment.

The £500,000 fine is the maximum that can be imposed under the previous Data Protection Act 1998, under which the Cathay Pacific breach occurred. Under the new GDPR rules as of May 2018, the ICO has the power to fine up to £17m (€20m) or 4% of global turnover.

There are 0 Comment(s)

If you wish to comment without signing in, click your cursor in the top box and tick the 'Sign in as a guest' box at the bottom.

The savings accounts paying the most interest

If one of your jobs this month is to get your finances in order, moving your savings to a higher paying deal i...

Everything you need to know about being furloughed

Few people had heard of ‘furlough’ before March 2020, but the coronavirus pandemic thrust the idea of bein...

Coronavirus and your finances: what help can you get in the second lockdown?

News and updates on everything to do with coronavirus and your personal finances.

What will happen if rates change

How your finances will be impacted by a rise in interest rates.

Regular Savings Calculator

Small regular contributions can build up nicely over time.

Online Savings Calculator

Work out how your online savings can build over time.

Having a baby and your finances: seven top tips

We’re guessing the Duchess of Cambridge won’t be fretting about maternity pay or whether she’ll still be...

Protecting family wealth: 10 tips for cutting inheritance tax

Inheritance tax - sometimes known as 'death tax' - can cause even more heartache for bereaved families. But th...

Travel insurance: Five tips to ensure a successful claim

Ahead of your summer holiday, it’s important to make sure you have the right level of travel cover or you co...

Money Tips of the Week

Read previous post:
Wealthify launches digital pension

Digital investment platform Wealthify has entered the retirement savings market with the launch of a self-invested personal pension (SIPP).