Airlines aren't having a great time this week.  The ICO announced this week enforcement action taken against Cathay Pacific for failing to secure its customers’ personal data, involving a "number of basic security inadequacies".

As the breach took place pre-GDPR, the enforcement powers in the preceding legislation (Data Protection Act 1998) applied.