Pular para o conteúdo

Data Breach: ICO UK Fines Airline £20 Million for Insufficient Security

Data Breach: ICO UK Fines Airline £20 Million for Insufficient Security

Jurisdiction(s): European Union
Ranking: 
Authority  StarStarStarStarStar
RiskGuidance  StarStarStarStar
ControlGuidance  StarStarStarStarStar
Industry:  Transportation  |  BusinessActivity:  Information Security – Organisational Measures, Information Security – Technical Measures, Breach Response, Understanding Enforcement Actions

An attacker gained access to the company’s network, compromising the financial data (card numbers, CVV numbers) of 429,612 customers; the compromised application was not protected by multi-factor authentication, access log files and login details to a privileged domain administrator account were stored in plaintext, and unprotected files containing the code for the company’s website allowed the attacker to redirect customer payment card data to an external website controller by the attacker.

 

pt_BRPortuguese