British Airways looking at record $230M fine over last year’s data breach
The Information Commissioner’s Office today announced that British Airways could be fined £183.39 million ($230 million) for a data breach that occurred last year.
At the time it was said the hack involved “malicious software on a customer support product hosted by an external supplier.” An investigation ensued, with the company waiting to see what it would be fined under the General Data Protection Regulation. BA said today that it was “surprised and disappointed” by the heavy penalty.
Nonetheless, about 500,000 people who had gone to the BA website and then were tricked into visiting a fraudulent site had their information harvested. It was first reported that the breach had happened in September 2018 and affected 380,000 people, although the investigation revealed the hack likely had started in June that year.
The ICO said in its report released today that BA must take responsibility since security at the company was lax. That poor security allowed hackers to see log-in details, names and address, travel details and payment cards. BA has since cooperated with the investigation and it’s reported has since bolstered its security.
“People’s personal data is just that – personal,” said Information Commissioner Elizabeth Denham. “When an organization fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
The fine itself is much larger than any other find handed down by the ICO. After the BA penalty, the next-largest fine was £500,000 ($625,000) Facebook Inc. had to pay after the Cambridge Analytica breach. That happened before new GDPR rules made it possible to fine a company 4 percent of its annual turnover.
BA has 28 days to appeal. “We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals,” a spokesperson for BA’s parent company International Airlines Group said in a statement.
Photo: Colin Brown/Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU