This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Welcome to Reed Smith's viewpoints — timely commentary from our lawyers on topics relevant to your business and wider industry. Browse to see the latest news and subscribe to receive updates on topics that matter to you, directly to your mailbox.
| less than a minute read

Cathay Pacific fined £500,000 for DP breach

Airlines aren't having a great time this week.  The ICO announced this week enforcement action taken against Cathay Pacific for failing to secure its customers’ personal data, involving a "number of basic security inadequacies".

As the breach took place pre-GDPR, the enforcement powers in the preceding legislation (Data Protection Act 1998) applied.

The ICO found Cathay Pacific’s systems were entered via a server connected to the internet and malware was installed to harvest data. A catalogue of errors were found during the ICO’s investigation including: back-up files that were not password protected; unpatched internet-facing servers; use of operating systems that were no longer supported by the developer and inadequate anti-virus protection.


data protection, gdpr, entertainment & media