Data Breach: ICO UK Fines Airline £20 Million for Insufficient Security |
Jurisdiction(s): European Union |
An attacker gained access to the company’s network, compromising the financial data (card numbers, CVV numbers) of 429,612 customers; the compromised application was not protected by multi-factor authentication, access log files and login details to a privileged domain administrator account were stored in plaintext, and unprotected files containing the code for the company’s website allowed the attacker to redirect customer payment card data to an external website controller by the attacker. |