
Image credit: ASSOCIATED PRESS

UK regulator to hit British Airways with record fine over 2018 hack

The Information Commissioner's Office is showing its teeth.

The UK's data privacy authority has announced it intends to levy its largest ever fine against airline British Airways (BA). The airline will have to pay £183.39 million ($230 million) to the Information Commissioner's Office (ICO) for failing to protect its customers' data.

In September last year, hackers stole the data of anyone who booked a flight through the BA website over a two-week period, affecting around 380,000 people. The pilfered data included login details, payment information, travel booking information, and addresses. The attack was coordinated by a well-established group who were also responsible for other security breaches like the one affecting ticket website Ticketmaster UK.

The ICO blamed the incident on "poor security" at BA. Information Commissioner Elizabeth Denham said: "People's personal data is just that -- personal. When an organization fails to protect it from loss, damage or theft it is more than an inconvenience. That's why the law is clear -- when you are entrusted with personal data you must look after it."

Previous fines given out by the ICO have been pocket change, like the paltry £15,000 which Cambridge Analytica was fined for failing to hand over its data on an American citizen, or the £500,000 charged to Facebook for its role in the same Cambridge Analytica scandal. That is a drop in the ocean for a huge company like Facebook, although it was the maximum allowable fine at the time the incident occurred.

However, with the General Data Protection Regulation (GDPR) now in place, potential fines for businesses which lose customer data can be much higher. The ICO has shown it is willing to crack down in a serious way, by imposing a fine of 1.5% of BA's global turnover for the year. For airlines which run on very slim margins, this is a significant cut.

Alex Cruz, British Airways chairman and chief executive, said: "We are surprised and disappointed in this initial finding from the ICO. British Airways responded quickly to a criminal act to steal customers' data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologize to our customers for any inconvenience this event caused."

The airline may have responded quickly to the breach, but it is still responsible for the poor security which allowed the hackers to access the data in the first place. BA has said it intends to appeal the finding, which the ICO has said it will consider before making a final decision.
