British Airways facing $330m GDPR fine

By Dylan Bushell-Embling
Tuesday, 09 July, 2019

British Airways facing $330m GDPR fine

The UK’s Information Commissioner’s Office (ICO) has proposed to fine British Airways £183.39 million ($329.7 million) in relation to a data breach affecting the private information of around 500,000 customers.

The regulator has issued a notice of intent to fine the airline under the EU’s General Data Protection Regulation.

The fine would be the equivalent of around 1.5% of British Airways’ annual global revenue and would be the biggest ever fine issued under the GDPR, both in terms of the actual amount and the proportion of revenue used to determine the size of the penalty.

According to the ICO, the penalty has been proposed following an “extensive investigation” into a cyber incident reported by the company in September. During this incident, attackers diverted traffic to the British Airways to a fraudulent site and harvested customer details of around 500,000 customers as a result.

The ICO said its investigation found that poor security arrangements at the company had left a variety of information compromised, including login, payment card and travel booking details as well name and address information.

“People’s personal data is just that — personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience,” Information Commissioner Elizabeth Denham said.

“That’s why the law is clear — when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

British Airways has made improvements to its security arrangements since the attack was disclosed, the ICO said. The company and other European data authorities will now have a chance to make representations to the regulator to influence the final decision on the size of the fine.

But British Airways and parent company International Airlines Group have vowed to appeal the proposed fine, insisting that British Airways “responded quickly to a criminal act to steal customers’ data”.

Image credit: ©

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related News

Australian Cyber Week returns for 2020

AustCyber will launch Australian Cyber Week from 26–30 October 2020 on its virtual...

Call for applicants for 2021 ADF Cyber Gap Program

Cyber students interested in pursuing a career with the Australian Defence Force have been...

Researchers develop quantum-safe blockchain protocol

Researchers have developed MatRiCT, a blockchain protocol that is secure against quantum...

  • All content Copyright © 2020 Westwick-Farrow Pty Ltd