Home Login Contact

Contact us...

+44 (0) 208 133 0242

Cathay Pacific airway fined £0.5m by ICO for cyber-attack

Part of the cost of cyber-attacks

4th March 2020

Cathay Pacific airways has been fined £0.5m (the pre-GDPR maximum) by the UK ICO after a server connected to the internet was hacked and malware installed in early 2018 (i.e. before "GDPR-day" on 25th May 2018).

9.4m customers' details were accessed, including over 100k UK customers. Data included names, passport and identity details, dates of birth, postal and email addresses, phone numbers and historical travel information.

The ICO highlighted several basic information security control failures including back-up files that were not password protected; unpatched internet-facing servers; use of operating systems that were no longer supported by the developer and inadequate anti-virus protection.

Contact us for support

Got a comment or request?

Need help with data protection or information security?

Contact us for advice, assurance, audit, training, vDPO, vCISO, outsourced partnership.

+44 (0) 208 133 0242