How much will Cathay Pacific be fined by UK regulator, given British Airways’ record US$229 million penalty over similar data breach?
- Both airlines last year suffered major cyberattacks, with data of 9.4 million Cathay passengers affected, and half a million customers involved for British carrier
- BA was hit with a fine equivalent to 1.5 per cent of its revenue in 2017, and by same benchmark, Cathay could lose US$186.5 million
In an era of tighter rules on how companies manage personal data, the hefty fine by Britain’s Information Commissioner’s Office (ICO) on Monday was the first major penalty for a company governed by Europe’s tough General Data Protection Regulation, introduced last summer.
The ICO did not explain how it decided on the fine but BA said it intended to challenge the penalty. On two occasions last year, the company suffered from data breaches involving the loss of credit card information that affected half a million people.
Hong Kong’s privacy commissioner last month criticised Cathay Pacific for its 2018 data breach in which 9.4 million customers were affected – one of the worst-ever losses of customer data. The watchdog slammed Cathay for being too lax in protecting its data systems, which had been accessed without authorisation.
With British citizens among Cathay passengers affected, Hong Kong’s flag carrier is also under investigation by the ICO. In a statement, British Information Commissioner Elizabeth Denham said of BA’s fine: “People’s personal data is just that – personal.