Archive for ‘fined’

  |  
06/03/2020

Cathay Pacific fined £500,000 over customer data protection failure

A Cathay Pacific plane lands on the tarmacImage copyright AFP

The Information Commissioner’s Office (ICO) has fined Cathay Pacific Airways £500,000 for failing to protect customers’ personal data.

The UK watchdog said the airline’s computer systems had exposed details of 111,578 UK residents and a further 9.4 million people from other countries.

These included names, passport details, dates of birth, phone numbers, addresses and travel history.

“Appropriate security” was not in place between October 2014 and May 2018.

The ICO said Cathay Pacific became aware of a problem in March 2018, when it suffered a “brute force” password-guessing attack.

The Hong Kong-based firm reported this to the ICO. The regulator said it subsequently uncovered “a catalogue of errors” during a follow-up investigation, including:

  • back-up files that were not password protected
  • internet-facing servers without the latest patches
  • operating systems that were no longer supported by the developer
  • inadequate anti-virus protection

At least one attack involved a server with a known vulnerability – but the fix was never applied, despite having been public knowledge for more than 10 years.

Steve Eckersley, the ICO’s director of investigations, said there were “a number of basic security inadequacies across Cathay Pacific’s system, which gave easy access to the hackers”.

The airline failed four out of five of the basic cyber-essentials guidance from the National Cyber Security Centre, he added.

Presentational grey line

Analysis: A wake-up call for others

By Joe Tidy, Cyber-security reporter

I’m told investigators were extremely concerned by the failures they found. It paints a picture of a company that did not take security of personal data seriously, and today’s fine will be a wake-up call to them and other firms. It is, however, only a pittance compared to what it could have been if the hack had occurred more recently.

New GDPR rules have increased the potential maximum fine, and it’s clear the failures here would have warranted a far more severe punishment.

Instead of a £500k penalty, Cathay Pacific could have been hit with a share-holder sickening £470m fine – 4% of its annual global turnover.

Presentational grey line

The £500,000 fine Cathay Pacific is facing is the maximum possible under the Data Protection Act 1998, which was used instead of the newer GDPR “due to the timing of the incidents in this investigation”.

In July 2019, the ICO announced it would fine British Airways £183m for a breach of its systems, and the Marriott hotel group £99.2m. But both fines were delayed until later this year.

The ICO said that Cathay Pacific had acted promptly once it became aware, and sought expert help from a top cyber-security firm, and had also contacted affected customers.

The report also noted there were no confirmed cases of the personal data being misused – but that it was very likely it would be in future.

In a statement about the fine, Cathay Pacific said it “would once again like to express its regret, and to sincerely apologise for this incident”.

It said “substantial amounts” of money had been spent on security in the past three years.

“However, we are aware that in today’s world, as the sophistication of cyber-attackers continues to increase, we need to and will continue to invest in and evolve our IT security systems.”

Source: The BBC

Posted in addresses, £183m, £500,00, £500,000, British Airways, Cathay Pacific, customer, cyber-attackers, data protection, dates of birth, failure, fined, Hong Kong-based, Information Commissioner's Office (ICO), IT security systems, Marriott hotel group, names, passport details, personal data, phone numbers, travel history, UK watchdog, Uncategorized | Leave a Comment »

20/09/2019

Chinese woman fined US$28 for tossing coins from plane to ‘cure baby’s diarrhoea’

  • Superstitious medical student, 23, said it was customary in her hometown to throw money for good luck
  • Cousin’s child had fallen ill on flight from Jiangxi to Sichuan, she said
A woman was fined for tossing coins onto the apron at an airport in Sichuan province. Photo: Weibo
A woman was fined for tossing coins onto the apron at an airport in Sichuan province. Photo: Weibo
A woman who threw coins onto the parking apron at an airport in southwest China in the superstitious belief it might cure her cousin’s baby’s diarrhoea was instead fined 200 yuan (US$28), local media reported.
The incident happened on September 5, as the woman, surnamed Wang, and a group of her relatives arrived in Xichang, Sichuan province, after flying from Nanchang, Jiangxi province, to attend a family wedding, the Chengdu Business News reported on Friday.
Wang, 23, dropped the coins through the gap between the aircraft and the jet bridge as she and her family were disembarking.
Police said the medical student was shocked when she realised the trouble she had caused. Photo: Weibo
Police said the medical student was shocked when she realised the trouble she had caused. Photo: Weibo
Although no one spotted what she had done at the time, airport workers later found three coins on the ground while conducting a security check and reported the matter to the police.
Officers reviewed footage from the airport’s surveillance cameras and identified Wang as the guilty party and went to see her at her hotel the following morning, the report said.

Wang said that during the flight her cousin’s baby had suffered from diarrhoea and that it was customary in her hometown to toss coins in the hope it would bring the child good luck.

“She said she didn’t realise her action could have had a very serious outcome,” a police officer was quoted as saying, adding that Wang appeared shocked when she realised the trouble she had caused.

However, as her actions had not resulted in any delays to flights or created any other problems, she was charged only with a minor offence.

Many Chinese think tossing coins before a flight will bring them good luck. Photo: EPA
Many Chinese think tossing coins before a flight will bring them good luck. Photo: EPA

Wang, who recently completed a bachelor’s degree in medicine and was preparing to sit a graduate school entrance examination, was worried the incident might have an impact on her future education and job prospects, the officer said.

More than 5,000 people commented on the story on news portal 163.com, with one asking: “You are so superstitious, how can you treat patients?”

In recent years there have been numerous reports of Chinese travellers causing delays and being punished for tossing coins onto airport runways and even into aircraft engines.

In April, a woman was detained for throwing six coins as she was about to board a plane in southern China in the hope it would guarantee her a safe trip.

Source: SCMP

Posted in aircraft engines, Airport, airport runways, airport workers, apron, baby’s diarrhoea, Bachelor's degree, Chengdu Business News, child, Chinese travellers, Chinese woman, conducting, Cousin, cure, customary, diarrhoea, disembarking, fallen ill, Family, fined, flight, footage, future education, gap, good luck, graduate school entrance examination, ground, guarantee, guilty party, hometown, Hotel, incident, jet bridge, Jiangxi Province, job prospects, medical student, medicine, Nanchang, officers, parking apron, plane, Police, punished, reported, safe trip, security check, sichuan province, Superstitious, surveillance cameras, threw coins, throw money, tossing coins, Uncategorized, worried | Leave a Comment »

  |  
CCChang

Law of Unintended Consequences

continuously updated blog about China & India

ChiaHou's Book Reviews

continuously updated blog about China & India

What's wrong with the world; and its economy

continuously updated blog about China & India