Cathay fined £500,000
LUXEMBOURG: Cathay Pacific was fined £500,000 ($639,000) yesterday by the UK’s privacy watchdog for failing to protect customers’ data due to security lapses lasting nearly four years.
The penalty is the highest the UK authority could levy under old rules that were replaced in May 2018 with tougher measures boosting regulators’ fining powers.
Between October 2014 and May 2018, Cathay Pacific’s computer systems “lacked appropriate security measures which led to customers’ personal details being exposed, 111,578 of whom were from the UK, and approximately 9.4 million more worldwide,” the UK Information Commissioner’s Office said in a statement on its website.
“This breach was particularly concerning given the number of basic security inadequacies across Cathay Pacific’s system, which gave easy access to the hackers,” Steve Eckersley, the ICO’s director of investigations, said in the statement.
“The airline is held responsible for failing to prevent the unauthorised access to their passengers’ personal details, including names, passport and identity details,’’ the ICO added.
The UK ruling is another setback for the airline, which has slashed capacity as it copes with a reduction in travel demand amid the spread of the coronavirus and political protests in it’s home market of Hong Kong.
Cathay Pacific said in an e-mailed statement said it regrets the incident and has spent “substantial amounts” on IT infrastructure and security over the past three years.