On March 4, 2020, the United Kingdom’s Information Commissioner’s Office (ICO) issued a £500,000 ($647,015) penalty against British airline company Cathay Pacific for a 2018 data breach that exposed the personal information of nearly 9.4 million customers globally.
A multi-month investigation by the ICO revealed several security flaws, including back-up files without password protection, unpatched Internet-facing servers, outdated operating systems, and inadequate antivirus protection, which allowed hackers to install malware on the airline’s computer system and access confidential customer information between 2014 and 2018.