
Image credit: ASSOCIATED PRESS

UK regulator to hit British Airways with record fine over 2018 hack

The Information Commissioner's Office is showing its teeth.

The UK's data privacy authority has announced it intends to levy its largest ever fine against airline British Airways (BA). The airline will have to pay £183.39 million ($230 million) to the Information Commissioner's Office (ICO) for failing to protect its customers' data.

In September last year, hackers stole the data of anyone who booked a flight through the BA website over a two-week period, affecting around 380,000 people. The pilfered data included login details, payment information, travel booking information, and addresses. The attack was coordinated by a well-established group who were also responsible for other security breaches like the one affecting ticket website Ticketmaster UK.

The ICO blamed the incident on "poor security" at BA. Information Commissioner Elizabeth Denham said: "People's personal data is just that -- personal. When an organization fails to protect it from loss, damage or theft it is more than an inconvenience. That's why the law is clear -- when you are entrusted with personal data you must look after it."

Previous fines issued by the ICO have amounted to pocket change, like the paltry £15,000 which Cambridge Analytica was fined for failing to hand over its data on an American citizen, or the £500,000 charged to Facebook for its role in the same Cambridge Analytica scandal. The latter sum is a drop in the ocean for a huge company like Facebook, although it was the maximum allowable fine at the time the incident occurred.

However, with the General Data Protection Regulation (GDPR) now in place, potential fines for businesses which lose customer data can be much higher. The ICO has shown it is willing to crack down in a serious way, by imposing a fine of 1.5% of BA's global turnover for the year. For airlines which run on very slim margins, this is a significant cut.

Alex Cruz, British Airways chairman and chief executive, said: "We are surprised and disappointed in this initial finding from the ICO. British Airways responded quickly to a criminal act to steal customers' data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologize to our customers for any inconvenience this event caused."

The airline may have responded quickly to the breach, but it is still responsible for the poor security which allowed the hackers to access the data in the first place. BA has said it intends to appeal the finding, which the ICO has said it will consider before making a final decision.
