Cathay Pacific Airways was today hit by a £500,000 fine by the UK regulator for a mass data breach that saw hackers steal passport numbers, emails and dates of birth from 9.4 million passengers including 111,000 Britons.
The Information Commissioner’s Office (ICO) found the company had failed to protect the security of its customers’ personal data because of its poorly-secured computer systems.
Cathay Pacific was hit by a ‘brute force’ attack in March 2018, with numerous passwords submitted in the hope of eventually guessing correctly, prompting the firm to recruit a cyber-security consultant.
- Regulator ruled firm had failed to protect the security of customers’ personal data
- Found ‘catalogue’ of failings, including lack of virus protection and old systems
- Cathay was hit by ‘brute force’ attack in 2018 with hackers guessing passwords