British Airways facing $330m GDPR fine


By Dylan Bushell-Embling
Tuesday, 09 July, 2019

The UK’s Information Commissioner’s Office (ICO) has proposed to fine British Airways £183.39 million ($329.7 million) in relation to a data breach affecting the private information of around 500,000 customers.

The regulator has issued a notice of intent to fine the airline under the EU’s General Data Protection Regulation.

The fine would be the equivalent of around 1.5% of British Airways’ annual global revenue and would be the biggest ever fine issued under the GDPR, both in terms of the actual amount and the proportion of revenue used to determine the size of the penalty.

According to the ICO, the penalty has been proposed following an “extensive investigation” into a cyber incident reported by the company in September. During this incident, attackers diverted traffic to the British Airways website to a fraudulent site and harvested the details of around 500,000 customers as a result.

The ICO said its investigation found that poor security arrangements at the company had left a variety of information compromised, including login, payment card and travel booking details as well as name and address information.

“People’s personal data is just that — personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience,” Information Commissioner Elizabeth Denham said.

“That’s why the law is clear — when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

British Airways has made improvements to its security arrangements since the attack was disclosed, the ICO said. The company and other European data authorities will now have a chance to make representations to the regulator to influence the final decision on the size of the fine.

But British Airways and parent company International Airlines Group have vowed to appeal the proposed fine, insisting that British Airways “responded quickly to a criminal act to steal customers’ data”.



  • All content Copyright © 2024 Westwick-Farrow Pty Ltd