British Airways Faces £183 Million Fine for 2018 Data Breach
This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. Terms apply to the offers listed on this page. For an explanation of our Advertising Policy, visit this page.
Following its massive 2018 data breach, British Airways faces a fine of £183 million from the Information Commissioner Office (ICO). The figure is the largest fine ever issued by the ICO, following the introduction of strict new General Data Protection Regulations (GDPR) last year.
Under GDPR regulations, the ICO had the ability to impose a fine of up to 4% global turnover, though the £183 handed down is 1.5% of the airline’s global turnover for the year ending 31 December 2018. The ICO determined that 500,000 BA customers were affected, which is significantly higher than the 380,000 the airline publicly stated had been compromised.
The ICO was critical of BA’s information security practices in making its ruling and determining the fine, pointing to poor security arrangements from log in through to payment information processes.
British Airways Chairman and CEO Alex Cruz said that the airline was “surprised and disappointed” by the ICO’s findings and penalty, adding that “British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft”.
Parent company International Airlines Group insisted the airline would “defend the airline’s position vigorously, including making any necessary appeals”.
The notice of the £183 million fine advises the airline that the ICO intends to fine the airline in the amount stated in the notice, although has not yet done so. British Airways has 28 days to lodge an appeal to the notice.
Featured image by Grzegorz Bajor via Getty Images
Welcome to The Points Guy!