Hong Kong’s flagship airline Cathay Pacific Airways was fined with $970,000 for a data breach that exposed personal information of millions of passengers.
Authorities said that the carrier failed to protect the details of 9.4 million people as their names, passport details, dates of birth, phone numbers, addresses and travel history were leaked in the company’s computer systems.
The massive security breach was first detected by Cathay Pacific in March 2018 when it experienced a “brute force” password-guessing attack. This was immediately reported to the Information Commissioner’s Office who later found “catalogue of errors.”
In October of the same year, the affected customers were informed about the hacking incident which they attributed to the lack of appropriate security measures.
Steve Eckersley, ICO’s director of investigations said the Hong-Kong based carrier was found to have several inadequacies in its system that gave access to the hackers.
“The multiple serious deficiencies we found fell well below the standard expected. At its most basic, the airline failed to satisfy four out of five of the National Cyber Security Centre’s basic Cyber Essentials guidance,” he said.
Cathay Pacific has once again expressed its apologies for the incident and ensured that necessary upgrades on its I.T. infrastructure and security systems were already made after the leakage.
“We will continue to co-operate with relevant authorities to demonstrate our compliance and our ongoing commitment to protecting personal data,” the company spokesperson said.