British Airways facing $330m GDPR fine


By Dylan Bushell-Embling
Tuesday, 09 July, 2019

British Airways facing $330m GDPR fine

The UK’s Information Commissioner’s Office (ICO) has proposed to fine British Airways £183.39 million ($329.7 million) in relation to a data breach affecting the private information of around 500,000 customers.

The regulator has issued a notice of intent to fine the airline under the EU’s General Data Protection Regulation.

The fine would be the equivalent of around 1.5% of British Airways’ annual global revenue and would be the biggest ever fine issued under the GDPR, both in terms of the actual amount and the proportion of revenue used to determine the size of the penalty.

According to the ICO, the penalty has been proposed following an “extensive investigation” into a cyber incident reported by the company in September. During this incident, attackers diverted traffic to the British Airways to a fraudulent site and harvested customer details of around 500,000 customers as a result.

The ICO said its investigation found that poor security arrangements at the company had left a variety of information compromised, including login, payment card and travel booking details as well name and address information.

“People’s personal data is just that — personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience,” Information Commissioner Elizabeth Denham said.

“That’s why the law is clear — when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

British Airways has made improvements to its security arrangements since the attack was disclosed, the ICO said. The company and other European data authorities will now have a chance to make representations to the regulator to influence the final decision on the size of the fine.

But British Airways and parent company International Airlines Group have vowed to appeal the proposed fine, insisting that British Airways “responded quickly to a criminal act to steal customers’ data”.

Image credit: ©stock.adobe.com/au/potowizard

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related News

Digital trust leaders outperform their peers: research

Companies categorised as leaders in implementing digital trust strategies are reaping the...

IT decision-makers believe AI is key to protect against cyber threats: report

According to reseach, 40% of Australian IT decision-makers believe the use of AI will help them...

New Relic upgrades app security testing suite

The New Relic Interactive Application Security Testing solution has been upgraded with new...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd