British Airways facing $330m GDPR fine


By Dylan Bushell-Embling
Tuesday, 09 July, 2019

British Airways facing $330m GDPR fine

The UK’s Information Commissioner’s Office (ICO) has proposed to fine British Airways £183.39 million ($329.7 million) in relation to a data breach affecting the private information of around 500,000 customers.

The regulator has issued a notice of intent to fine the airline under the EU’s General Data Protection Regulation.

The fine would be the equivalent of around 1.5% of British Airways’ annual global revenue and would be the biggest ever fine issued under the GDPR, both in terms of the actual amount and the proportion of revenue used to determine the size of the penalty.

According to the ICO, the penalty has been proposed following an “extensive investigation” into a cyber incident reported by the company in September. During this incident, attackers diverted traffic to the British Airways to a fraudulent site and harvested customer details of around 500,000 customers as a result.

The ICO said its investigation found that poor security arrangements at the company had left a variety of information compromised, including login, payment card and travel booking details as well name and address information.

“People’s personal data is just that — personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience,” Information Commissioner Elizabeth Denham said.

“That’s why the law is clear — when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

British Airways has made improvements to its security arrangements since the attack was disclosed, the ICO said. The company and other European data authorities will now have a chance to make representations to the regulator to influence the final decision on the size of the fine.

But British Airways and parent company International Airlines Group have vowed to appeal the proposed fine, insisting that British Airways “responded quickly to a criminal act to steal customers’ data”.

Image credit: ©stock.adobe.com/au/potowizard

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related News

CrowdStrike to buy Adaptive Shield

CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...

LockBit named nastiest malware of 2024

LockBit, a ransomware malware known to have been used to attack Australian targets, has been...

Extreme Networks launches ZTNA solution

Extreme Networks' new ExtremeCloud Universal ZTNA solution combines cloud network access...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd