On 26-October 2018, Cathay Pacific Airways Limited (Cathay) announced that some of its information systems containing passenger data of up to 9.4 million people had been accessed by hackers. As over 110,000 residents of the United Kingdom (UK) had been affected from this incident, Cathay was fined 500,000 by the UK Information Commissioners Office in mid-February 2020. According to some articles and reports, the data breach was caused by a catalogue of basic information security inadequacies across Cathays system, including: - back-up files that were not password protected; - internet-facing servers without the latest patches; - operating systems that were no longer supported by the developer; and - inadequate anti-virus protection. During the investigation process conducted by a regulator in Hong Kong, it uncovered that Cathay had contravened the Data Protection Principle 2 - Accuracy and Retention as well.

Required:

a) Based on the above security inadequacies, suggest and explain any FOUR possible consequences to an accounting information system.

b) Discuss how Cathay contravened the Data Protection Principle 2. You should start with describing the captioned principle under the Personal Data (Privacy) Ordinance (Cap. 486).

c) Should we classify this data breach as a pure information technology issue? Explain