Cathay Pacific fined £500,000 for failing to protect customer data
Yet another airline has been handed a significant fine for failing to protect its customer data. Between May 2014 and October 2018, Cathay Pacific’s IT systems lacked proportionate security, leading to unauthorised access to millions of personal data records. Because the vulnerability was active before the GDPR came into force, the ICO penalised the airline under the Data Protection Act 1998.
Virgin Media breach compromises data of 900,000 people
The personal data of 900,000 individuals was left in a database that was unsecured and accessible online, resulting in a significant breach. Virgin Media had failed to spot the issue for over 10 months and were only alerted to it by a security researcher at TurgenSec. Affected individuals are being contacted and the ICO are beginning their formal investigation.
U.S. States Advance Copycat Privacy Legislation
With CCPA and GDPR shining a spotlight on data privacy rights throughout the USA, a number of states have started the legislative process of introducing their own copycat bills. These borrow from and build upon the CCPA and GDPR, with states including Nevada, Virginia, Florida, Washington State, New Hampshire and Illinois all at various stages of implementation. Calls for a federal data privacy law persist.
Carnival Cruise Lines Hit by Cyber Attack
In a statement on March 2nd, Carnival announced that the cyber attack, which affected passengers and crew of Princess Cruise and Holland America Line, occurred as a result of deceptive and malicious emails sent to staff members with the aim of gaining unauthorised access to email accounts. They have reported the breach to relevant enforcement agencies and say they have worked quickly to contain the attack, with no evidence so far that data has been misused.