Unpatched servers, aging desktops, no passwords…
The UK’s Information Commissioner’s Workplace (ICO) has slammed Cathay Pacific for its “basic stability inadeqacies” and fined it £500,000 – the greatest underneath the 1998 Information Security Act – after the airline leaked the particular facts of thousands and thousands of shoppers.
A litany of essential stability glitches at the airline resulted in the compromise [pdf] of four of its databases by two distinctive malicious actors 1 of which accessed a “remote VPN, an external struggling with application system and an administrative console”.
The breaches took spot over a four-calendar year time period and had been not noticed until finally 2018, just before GDPR came into power. As a outcome Hong Kong-based airline has avoided a multi-million fantastic of the sort tentatively imposed on BA and the Marriott lodge team in 2019.
(Regardless of whether BA and Marriott will be basically