Airlines aren't having a great time this week. The ICO announced this week enforcement action taken against Cathay Pacific for failing to secure its customers’ personal data, involving a "number of basic security inadequacies".
As the breach took place pre-GDPR, the enforcement powers in the preceding legislation (Data Protection Act 1998) applied.
The ICO found Cathay Pacific’s systems were entered via a server connected to the internet and malware was installed to harvest data. A catalogue of errors were found during the ICO’s investigation including: back-up files that were not password protected; unpatched internet-facing servers; use of operating systems that were no longer supported by the developer and inadequate anti-virus protection.
/Passle/5db069e28cb62309f866c3ee/MediaLibrary/Images/5dcaad168cb6230d740f6dc1/2023-06-26-15-46-15-758-6499b2c7436bdee0ca01af9f.jpg)
/Passle/5db069e28cb62309f866c3ee/MediaLibrary/Images/5fdc8e9ffac8ca1158b1b7d7/2023-12-01-22-37-55-942-656a60433b5a7af6a9befd6d.jpg)
/Passle/5db069e28cb62309f866c3ee/SearchServiceImages/2023-12-01-00-40-33-309-65692b814065f67230cef2c1.jpg)
/Passle/5db069e28cb62309f866c3ee/SearchServiceImages/2023-11-28-13-31-45-093-6565ebc158285485435cf98f.jpg)
/Passle/5db069e28cb62309f866c3ee/MediaLibrary/Images/6160acfaf1267f111816f38b/2023-11-29-05-36-05-909-6566cdc55240b0b8c9a6e5de.jpg)