July 8, 2019
Photo courtesy of British Airways
British Airways has been fined $229 million (183 million British pounds) by the U.K. Information Commissioner's Office for a September 2018 data breach, the airline and regulator said in separate announcements.
British Airways announced in a disclosure to the London Stock Exchange that the ICO would fine the airline under the U.K. Data Protection Act. The carrier apologized to customers, but expressed disappointment in the fine and said it would appeal the case.
"We are surprised and disappointed in this initial finding from the ICO," Alex Cruz, chairman and CEO of British Airways, said in the filing. "British Airways responded quickly to a criminal act to steal customers' data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft."
The ICO, in response to the BA filing, said that personal data of 500,000 BA customers was compromised during the incident, which is believed to have begun in June 2018 when user traffic was diverted from BA to a fraudulent website.
The ICO investigation found that a variety of information was compromised, including names, addresses, login information, payment data and other information. The ICO has been the lead agency in the investigation, in which BA violated the General Data Protection Regulation.
"People's personal data is just that — personal," Elizabeth Denham, ICO commissioner, said in the announcement. "When an organization fails to protect it from loss, damage or theft, it is more than just an inconvenience."
She said the law is clear that entities that are entrusted with personal data must look after it.
"Those that don't will face scrutiny from my office to check that they have taken appropriate steps to protect fundamental privacy rights," she said in the announcement.
Topics: Mobile Payments, Region: EMEA, Security
Sponsored Links: