British Airways fined £183m over computer theft of passenger data
Using new rules to prevent and impose fines for data breach, Britain’s information regulator on Monday announced a record £183.39 million fine on British Airways (BA) for a 2018 breach that led to its website users diverted to a fraud site.Updated: Jul 08, 2019 17:08 IST
Using new rules to prevent and impose fines for data breach, Britain’s information regulator on Monday announced a record £183.39 million fine on British Airways (BA) for a 2018 breach that led to its website users diverted to a fraud site.
The highest fine so far was £500,000 imposed on Facebook for its role in the Cambridge Analytica scandal, but the Information Commissioner’s Office (ICO) used new norms under the General Data Protection Regulations (GDPR) that came into force across the EU in 2018 to fine BA.
The ICO’s announcement is an ‘intention to fine’ the amount. BA has 28 days to appeal against it. The airline said it had apologised to customers and would appeal and defend its position vigorously.
BA said the issue arose after hackers carried out what it called a “sophisticated, malicious criminal attack”, adding it is “surprised and disappointed” by the fine. Details of 5 lakh customers were harvested by the fraudulent site, the ICO said.
The ICO’s investigation found that a variety of information was compromised by poor security arrangements at the company, including log in, payment card, and travel booking details as well name and address information.
Information commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience”.
“That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights”.
The GDPR came into force following a major shake-up of privacy laws, which increase fines for data breach up to 4 per cent of a company’s turnover.