British Airways slapped with R430-million fine for data breach


The ICO said the investigation found the airline was "processing a significant amount of personal data without adequate security measures", breaking data protection law.

The investigation by the United Kingdom's data protection watchdog concluded that British Airways failed to protect its customers on multiple levels, missing numerous opportunities to discover and mitigate the hacker attacks that resulted in the data breach. The airline has taken the security of its customer data a lot more seriously since the 2018 incident, and it has now applied state-of-the-art protection systems and all of the suggested precautionary measures.

Announcing the £20m fine, Elizabeth Denham, the information commissioner, described British Airways' "failure to act" as "unacceptable" and said the fine was the biggest it had ever issued despite the £163m reprieve.

After discovering the matter in 2018, the office said at the time that the fine to be imposed on British Airways would amount to about 183 million pounds sterling, but it was reduced to about 20 million pounds sterling in light of the hard conditions the company is going through due to the coronavirus epidemic.

Because the BA breach happened in June 2018, before the United Kingdom left the European Union, the ICO investigated on behalf of all European Union authorities as lead supervisory authority under the GDPR.

The data stolen included login, payment card and travel booking details, as well as name and address information.

A further 77,000 customers had their combined card and CVV numbers accessed, and an additional 108,000 customers had just their card numbers accessed.

It is also unclear whether the airline would have detected the attack by itself, which was considered an "extreme failing" because of the number of people affected and the potential financial harm that could have been done, according to regulators.

"When organizations take poor decisions around people's personal data, that can have a real impact on people's lives". "The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security".

ICO investigators found that BA did not detect the attack on June 22, 2018 themselves but were alerted by a third party more than two months afterwards on September 5.

"We alerted clients as soon as we became aware of the criminal attack on our systems in 2018 and are sorry we fell short of our clients' expectations", British Airways said in a statement on Friday.

The ICO said "the economic impact of COVID-19" had been taken into account in issuing the fine.

On Monday, IAG announced it was replacing BA's chief executive Alex Cruz with Aer Lingus boss Sean Doyle with immediate effect. The airline was accused of threatening a "fire and rehire" scheme which saw some employees facing pay cuts of up to 50 per cent.