Cathay Pacific has been slapped with a fine for leaving customers’ personal details vulnerable to hackers.
The personal details of about 9.4 million people – 111,578 of whom were from the UK – were exposed in cyberattacks during 2018.
Hackers first used a scattergun approach, inputting numerous passwords or phrases in the hope of eventually landing on one that was correct.
Cathay Pacific responded by employing a cybersecurity firm, which reported the incident to the Information Commissioner’s Office (ICO).
The ICO found Cathay Pacific’s systems were entered via an online server to install malware.
It has ruled that between October 2014 and May 2018, the airline’s computer systems were not secure enough, with errors including back-up files not password protected, use of outdated systems and inadequate anti-virus software.
The airline did not satisfy four-fifths of the National Cyber Security Centre’s basic Cyber Essentials guidance, the ICO said, and must now pay a £500,000 fine.