Unpatched servers, getting older desktops, no passwords…
The UK’s Information Commissioner’s Place of work (ICO) has slammed Cathay Pacific for its “basic security inadeqacies” and fined it £500,000 – the optimum below the 1998 Facts Safety Act – following the airline leaked the individual data of millions of buyers.
A litany of simple security mistakes at the airline resulted in the compromise [pdf] of four of its databases by two distinctive malicious actors one of which accessed a “remote VPN, an exterior experiencing software platform and an administrative console”.
The breaches took area around a four-12 months interval and had been not noticed till 2018, in advance of GDPR came into power. As a final result Hong Kong-based mostly airline has averted a multi-million wonderful of the sort tentatively imposed on BA and the Marriott lodge team in 2019.
(No matter whether BA and Marriott will be