Image credit: ASSOCIATED PRESS

UK regulator to hit British Airways with record fine over 2018 hack

The Information Commissioner's Office is showing its teeth.

The UK's data privacy authority has announced it intends to levy its largest ever fine against airline British Airways (BA). The airline will have to pay £183.39 million ($230 million) to the Information Commissioner's Office (ICO) for failing to protect its customers' data.

In September last year, hackers stole the data of anyone who booked a flight through the BA website over a two-week period, affecting around 380,000 people. The pilfered data included login details, payment information, travel booking information, and addresses. The attack was coordinated by a well-established group who were also responsible for other security breaches like the one affecting ticket website Ticketmaster UK.

The ICO blamed the incident on "poor security" at BA. Information Commissioner Elizabeth Denham said: "People's personal data is just that -- personal. When an organization fails to protect it from loss, damage or theft it is more than an inconvenience. That's why the law is clear -- when you are entrusted with personal data you must look after it."

Previous fines given out by the ICO have been pocket change, like the paltry £15,000 which Cambridge Analytica was fined for failing to hand over its data on an American citizen, or the £500,000 charged to Facebook for its role in the same Cambridge Analytica scandal. This is a drop in the ocean for a huge company like Facebook, although it was the maximum allowable fine at the time the incident occurred.

However, with the General Data Protection Regulation (GDPR) now in place, potential fines for businesses which lose customer data can be much higher. The ICO has shown it is willing to crack down in a serious way, by imposing a fine of 1.5% of BA's global turnover for the year. For airlines which run on very slim margins, this is a significant cut.

Alex Cruz, British Airways chairman and chief executive, said: "We are surprised and disappointed in this initial finding from the ICO. British Airways responded quickly to a criminal act to steal customers' data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologize to our customers for any inconvenience this event caused."

The airline may have responded quickly to the breach, but it is still responsible for the poor security which allowed the hackers to access the data in the first place. BA has said it intends to appeal the finding, which the ICO has said it will consider before making a final decision.
