UK data watchdog slaps a £500,000 fine on Cathay Pacific for 2018 9.4m customer data leak The Information Commissioner's Office has fined Cathay Pacific Airways £500,000 for leaky security that exposed the personal data of 9.4 million passengers - 111,578 of whom were from the UK. The breach, which occurred between October 2014 and May 2018, exposed passengers' names, passport and identity details, dates of birth, …
9.4 million customer data files @ £500.000 ends up being a measly £0.0532 per data file.
Ridiculous ...
The fine should have been no less than £10 per data file exposed.
The metadata in each file is worth a lot of cash to those who deal in those things as they are sold and resold many times over.
There have been far too many of these misshaps in the past few years and I cannot but wonder if they're all exclusively due to bad IT practises.
I think it is about time that those responsible for these blunders (really absurd in this day and age) be severely held to task.
O.
Would you like to read the article again? It's all explained in the last couple of paragraphs.
The £500k was the maximum fine allowed at the time of the offence. Under GDPR the fines can be much higher. There's even an example shown where British Airways are getting slapped with a £183 million fine for a breach affecting 500,000 customers - that is £366 per affected customer. So you only want to fine them £10 per customer - geez you're a bit soft on them, aren't you?
Read the article in full and most of the time everything you need to know will eventually be explained...
Now, now ...
Don't get jittery Luke.
I did read the article but it would seem you misunderstood what I wrote.
I'll try to clear it up:
I wrote that the a fine of £500.000 was ridiculous.
Whether it was the maximum permitted under the Data Protection Act 1998 or the minimum permitted under the Flying Flamingos Convention is absolutely irrelevant to the fact that the amount applied as a fine is ridiculous, maximum permitted or not.
And please read my post again:
I wrote that the fine should have been no less than £10 per data file exposed.
The word only in not there.
Cheers,
O.
> I wrote that the a fine of £500.000 was ridiculous.
It's the maximum allowed under the law applicable at the time, and yes it WAS ridiculous - but bear in mind that it was set and HELD at this low figure by our "business friendly" government.
It only went to higher levels once the EU forced the UK government to change it with the rollout of GDPR - and the government did everything it could to resist those changes.
"Taking back control" - among other things means a high possibility that if the government thinks it can get away with it, it will attempt to roll back the fines to traffic ticket nuisance levels. There's a very high historic antipathy to consumer protection laws amongst the Conservative party and their predecessors (who were also opposed to things like laws making sawdust and plaster of paris in sausages illegal, amongst other things)
The ominous black cloud on the Horizon isn't a storm. It's CHICKENS flying this way and looking for their roost.
I can't wait for the company I work for to get hacked now GDPR is in force.
I have tried for YEARS to get them to take security seriously. I have pleaded with them. I have tried to point out the potential cost. But with the PHBs its always the same old tired rhetoric.
"Well it hasn't happened yet so we must be OK".
No! You just don't KNOW if its happened yet.
Great. Worked myself up, now I need to go and have a beer....
Our FCC, SEC, or somebody, should be levying fines like that for every breach we have - because it is obvious that , " they don't take security seriously" at many US firms. I get tired of reading all the breaches, it is time to kick some arse!! 500,000 USD is better than nothing, which is what they get over here, nothing!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
