Data Security

British Airways to pay more than £180M fine after 2018 data breach

Data protection specialists reported that British Airways is facing a fine of up to £180M due to the data breach that occurred in the company last year.

After investigating the incident, the UK
Information Commissioner’s Office (ICO) concluded that “security
deficiencies in the company” led to the loss of information such as personal
data, bank details, besides flights, reservations and logins for more than half
a million airline customers.

If the ICO’s decision is applied as intended,
this would be the largest fine imposed after an information security incident
in UK history, a record so far held by Facebook, due to the Cambridge
Analytica
scandal. British Airways has one month to appeal the data
regulator’s decision. “The theft of personal information is a very serious
incident, companies should take better measures to protect the privacy of their
users,” said Elizabeth Denham, British Information Commissioner.

According to data protection experts, just a
year ago the ICO imposed a historic fine for Facebook (more than £500k) due to non-compliance with user data protection, granting access
to multiple third party companies, including the analysis firm Cambridge
Analytica; this is estimated to have affected more than 80 million social media
users.

The ICO added that the fine for Facebook was
the maximum amount allowed by the UK Data Protection Act, passed in 1998.
“The incident occurred when GDPR was not yet in effect,” she said.
The European Union General Data Protection Regulation (GDPR) establishes
significantly higher fines for data breach incidents; under the new law, a
company can be fined for up to 4% of its annual revenue.

On the other hand, a spokeswoman for the
airline stated that British Airways was “surprised and deeply disappointed”
by the ICO’s decision. “There is no evidence to prove any kind of
fraudulent activity on accounts affected by the data breach”, the
spokesman said.

Despite the company’s annoyance, data
protection experts from the International Institute of Cyber Security (IICS)
say British Airways has been collaborating on ICO research, as well as
implementing security measures recommended by British data watchdogs.

To Top

Pin It on Pinterest

Share This