Image credit: ASSOCIATED PRESS

UK regulator to hit British Airways with record fine over 2018 hack

The Information Commissioner's Office is showing its teeth.

The UK's data privacy authority has announced it intends to levy its largest ever fine against airline British Airways (BA). The airline will have to pay £183.39 million ($230 million) to the Information Commissioner's Office (ICO) for failing to protect its customers' data.

In September last year, hackers stole the data of anyone who booked a flight through the BA website over a two-week period, affecting around 380,000 people. The pilfered data included login details, payment information, travel booking information, and addresses. The attack was coordinated by a well-established group who were also responsible for other security breaches like the one affecting ticket website Ticketmaster UK.

The ICO blamed the incident on "poor security" at BA. Information Commissioner Elizabeth Denham said: "People's personal data is just that -- personal. When an organization fails to protect it from loss, damage or theft it is more than an inconvenience. That's why the law is clear -- when you are entrusted with personal data you must look after it."

Previous fines given out by the ICO have been for pocket change, like the paltry £15,000 which Cambridge Analytica was fined for failing to hand over its data on an American citizen, or the £500,000 charged to Facebook for its role in the same Cambridge Analytica scandal. That sum is a drop in the ocean for a huge company like Facebook, although it was the maximum allowable fine at the time the incident occurred.

However, with the General Data Protection Regulation (GDPR) now in place, potential fines for businesses which lose customer data can be much higher. The ICO has shown it is willing to crack down in a serious way, by imposing a fine of 1.5% of BA's global turnover for the year. For airlines which run on very slim margins, this is a significant cut.

Alex Cruz, British Airways chairman and chief executive, said: "We are surprised and disappointed in this initial finding from the ICO. British Airways responded quickly to a criminal act to steal customers' data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologize to our customers for any inconvenience this event caused."

The airline may have responded quickly to the breach, but it is still responsible for the poor security which allowed the hackers to access the data in the first place. BA has said it intends to appeal the finding, which the ICO has said it will consider before making a final decision.
