Peter Carlisle, Entrust’s VP of Sales, EMEA, recently shared his thoughts on the Cathay Pacific data breach. According to the airline, hackers were able to access the personal data of up to 9.4 million passengers. Leaked data includes passengers’ names, dates of birth, phone numbers, email addresses and passport numbers.
The Cathay Pacific hack comes on the heels of last month’s British Airways data hack. Last week, British Airways disclosed that breach was worse than it initially thought.
A portion of Carlisle’s comments addressing the breach were published in IT Pro Portal. His full comment may be found below.
Large-scale data breaches seem to be becoming an all too regular occurrence, and Cathay Pacific follows a succession of airlines falling victim over the past few months. As sophisticated and well-funded threat actors adapt quickly to new security measures, trying to protect customer data has become an exhausting process. But the best defence in cybersecurity is a proactive one. It’s simply not acceptable that any organisation, especially one of this size, was not protecting all of its data so that it was secured against any kind of attack.
To protect customers, and their valuable personal data, businesses must have complete visibility and control over exactly where their data resides, and adopt an encrypt-everything approach, particularly in this case when personal information, including passport and ID card numbers, was involved. Data that is encrypted is useless to hackers after all.
With the GDPR in full force, it’s no longer just a lack of customer trust and a tarnished reputation organisations need to be worried about, though this particular incident occurred before the regulation came into force. Nonetheless, the risk of weighty financial penalties means the perils of a data breach have got a lot more serious.