
Cathay Pacific fined over breach exposing 100,000 UK customer details

Cathay Pacific has been slapped with a £500,000 fine over a breach which compromised the personal details of 111,000 UK customers.

The international airline’s computer system “lacked appropriate security measures” which resulted in names, passport and identity details, dates of birth, postal and email addresses, phone numbers and historical travel information of 9.4 million customers worldwide being exposed.

This was over a near four-year period between October 2014 and May 2018, affecting 111,578 UK customers, according to the Information Commissioner’s Office (ICO).

However, Cathay Pacific only became aware of suspicious activity in March 2018 when its database was subjected to a ‘brute force attack’, where numerous passwords or phrases are submitted with the hope of eventually guessing correctly.

The incident led Cathay Pacific to employ a cybersecurity firm, and it reported the incident to the ICO.

The ICO found Cathay Pacific’s systems were entered via a server connected to the internet and malware was installed to harvest data. Numerous errors were found during the ICO’s investigation, including: back-up files that weren’t password protected; unpatched internet-facing servers; use of operating systems that were no longer supported by the developer; and inadequate anti-virus protection.

‘Basic security inadequacies’

Steve Eckersley, ICO director of investigations, said: “People rightly expect when they provide their personal details to a company, that those details will be kept secure to ensure they are protected from any potential harm or fraud. That simply was not the case here.

“This breach was particularly concerning given the number of basic security inadequacies across Cathay Pacific’s system, which gave easy access to the hackers. The multiple serious deficiencies we found fell well below the standard expected. At its most basic, the airline failed to satisfy four out of five of the National Cyber Security Centre’s basic Cyber Essentials guidance.

“Under data protection law organisations must have appropriate security measures and robust procedures in place to ensure that any attempt to infiltrate computer systems is made as difficult as possible.”

The ICO added that as well as acting promptly in seeking expert assistance from a leading cyber security firm, Cathay Pacific also issued appropriate information to affected individuals and co-operated with the ICO’s investigation. has approached Cathay Pacific for comment.

The £500,000 fine is the maximum that can be imposed under the previous Data Protection Act 1998, under which the Cathay Pacific breach occurred. Under the new GDPR rules as of May 2018, the ICO has the power to fine up to £17m (€20m) or 4% of global turnover.
