MY KOLKATA EDUGRAPH
ADVERTISEMENT
Regular-article-logo Tuesday, 05 November 2024

British Airways faces £183m data breach fine

The scam saw customers diverted to a fake website where credit card details were harvested by the attackers

AP London Published 08.07.19, 09:03 PM
The biggest fine to date under new, tougher data regulations.

The biggest fine to date under new, tougher data regulations. (Shutterstock)

Britain’s data regulator said on Monday it wants to fine British Airways £183 million over a data breach that compromised information on half a million customers — the biggest fine to date under new, tougher data regulations.

The airline revealed in September that it had been the victim of a hack. The scam saw customers diverted to a fake website where credit card details were harvested by the attackers.

ADVERTISEMENT

“People’s personal data is just that — personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience,” information commissioner Elizabeth Denham said.

“That’s why the law is clear — when you are entrusted with personal data you must look after it.” The regulator said that the proposed fine — equivalent to 1.5 per cent of the airline’s annual turnover — is the biggest it has ever imposed.

It comes about a year after EU member states began implementing the most sweeping change in data protection rules in a generation.

The General Data Protection Regulation, or GDPR for short, is designed to make it easier for EU residents to give and withdraw permission for companies to use personal information — but also forces companies that hold data to be accountable for looking after it. Authorities can fine companies up to 4 per cent of annual revenue or 20 million euros ($22.5 million), whichever is higher, for breaching the rules.

The information commissioner’s office says its investigation of BA found that “poor security arrangements” compromised login, payment card, and travel booking details as well as name and address information. The parent company of BA, International Airlines Group, said it would fight the proposed fine. It has 28 days to make its case in the first step of the process, which could take some time to complete. “British Airways will be making representations to the ICO in relation to the proposed fine,” said IAG’s CEO Willie Walsh said.

“We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.” Shares in IAG were down as much as 1.95 per cent in early trading on Monday.

The proposed fine is the largest for the ICO since telling Facebook to pay £500,000 for allowing the political consultancy Cambridge Analytica to forage through the personal data of millions of unknowing Facebook users.

But the Facebook matter took place before the new GDPR rules came into effect and was the maximum penalty at the time of the incidents.

Follow us on:
ADVERTISEMENT
ADVERTISEMENT