The hack involved personal data from around half a million customers Luke MacGregor/Bloomberg via Getty Images
British Airways is facing a record fine of more than 拢183 million over a customer data breach.
The penalty comes from the Information Commissioner鈥檚 Office, which says that personal data relating to around half a million passengers was compromised during a hacking incident last year.
Details of the hack – which is believed to have begun in June 2018 – were first revealed by the airline in September of that year.
Advertisement
The ICO’s investigation found that a variety of information was compromised by “poor security arrangements”, including log in, payment card and travel booking details as well as customers’ names and addresses.
Part of the scam involved passengers being diverted to a fake website, through which their details were harvested.
The 拢183.4 million fine is the largest the ICO has ever handed out, and represents 1.5 per cent of the firm鈥檚 turnover. The General Data Protection Regulation (GDPR), which came into force last year, means firms can be fined up to 4 per cent of their annual turnover for data breaches.
鈥淲hen an organisation fails to protect [personal data] from loss, damage, or theft, it is more than an inconvenience,鈥 says Information Commissioner Elizabeth Denham. 鈥淲hen you are entrusted with personal data you must look after it. Those that don鈥檛 will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.鈥
Alex Cruz, chairman and chief executive of British Airways, says he is 鈥渟urprised and disappointed鈥 by the penalty. 鈥淏ritish Airways responded quickly to a criminal act to steal customer鈥檚 data,鈥 he says. 鈥淲e have found no evidence of fraudulent activity on accounts linked to the theft.鈥
Topics:
