2 Robert Speck Parkway, Suite 298 Mississauga ON
+1 888 366 4443
info@gige.ca

Lessons Learned From The Cathay Pacific Data Breach

IT Services & IT Solutions Mississauga & Toronto

Lessons Learned From The Cathay Pacific Data Breach

   Blog Posts IT Security IT Services IT Support Network Security    March 10, 2020 |  0
cathay pacific cyberattack

Hong Kong airline company Cathay Pacific was fined 500 000 pounds by the UK Information Commissioner’s office due to a data leak where 9.4 million user records were leaked. Of the affected individuals, over 100 000 were from the UK.

The data breach was the result of unauthorized access to Cathay Pacific’s servers that dated back to October of 2018.  In a statement on the breach, Cathay Pacific stated that it would like to “sincerely apologize for this incident”.

The UK’s Information Commissioner’s Office discovered that the  data breach had resulted in the records between October 2014 and May 2018 to be leaked.

This incident illustrates the importance of applying security patches to protect organization server. Cathay stated that it suspects the data breach occurred due to a known security vulnerability being exploited by cyberattackers. In its investigation, the UK Information Commissioner discovered that the company did not apply the security update fixing the patch, which was released over a decade prior to the attack. The vulnerability, which was not publically named, was in fact discovered in February 2007. It is known that attackers exploiting this vulnerability does not need technical skills and is able to get administrative access to a victim’s computer. Cathay pacific admitted that its regular vulnerability scans, which are used to detect potential security flaws in the company’s network, was not able to detect the vulnerability for over 10 years. It was discovered that one of the systems that was compromised had 16 security updates that were pending.

Another reason that the Cathay Pacific data breach occurred was that one if its servers was running an operating system that was no longer supported by its developer. Operating systems (O.S.), like many other software, requires constant updates to repair new security vulnerabilities that are discovered. After an operating system becomes end-of-life, however, the developer no longer releases software updates for it, leaving computers still running the operating system vulnerable to cyberattack. The most recent instance of this occurring is the Windows 7 End of life, which occurred on January 14th of 2020. You can read more about operating system patches in our article here.

It is clear from the Cathay Pacific data breach that proper patch management is an important facet of keeping your organization’s IT safe from cyberattack. GIGE IT solutions’ network experts help you organization identify vulnerabilities in your organizations’ network. We audit and provide consultation and remediation strategies to help you stay protected from data leaks and cyberattacks.

 

Cloud Solutions
IT Services
IT Solutions
Hours & Info
2 Robert Speck Parkway, Suite 298, Mississauga, ON L4Z 1H8
(888) 366-4443
info@gige.ca
Mon to Fri 8:30AM-5PM
Weekends Closed

Managed IT Services

Backup Process Engineering

Telephony

IT Support Help Desk

E-mail and Remote Connection

IT Infrastructure

Security IT Services

Data Storage Management

Server OS Update

Locations

Aurora

Brampton

Hamilton

Markham

Milton

Mississauga

Newmarket

Richmond Hill

Scarborough

Toronto

Vaughan

Navigation

Home

About Our IT Support

Cloud Solutions

Managed IT Services

IT Solutions

 

©  2022 GIGE IT Solutions: IT Services Mississauga. Built using WordPress and the Mesmerize Theme

%d bloggers like this: