British Airways to be fined a record £183 million by UK data watchdog due to a data breach, which occurred last year.
Information Commissioner’s Office (ICO) stated “poor security arrangements” by the company had led to the breach of credit card information, names, addresses, travel booking details, and logins of about 500,000 customers.
The fine is the largest since the Facebook debacle with Cambridge Analytica affecting millions of people profiles..
28 Days Later
British Airways have just 28 days following to appeal the fine.
“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.” Information Commissioner Elizabeth Denham.
The £500,000 seems light as the Facebook case actually affected 87 million users, however that was due to restrictions under the previous data regulation rules, the 1988 Data Protection Act. Should the matter have occurred under GDPR this would have been significantly higher, up to 4% of the annual worldwide turnover.
“surprised and disappointed”, British Airways’ chairman and chief executive Alex Cruz in responce to the ICO’s decision, “the company has found no evidence of fraudulent activity on accounts linked to the breach.” The ICO have been very fast to commend BA in how they have reacted following the breach, cooperating with the investigation and plugging the holes since the breach to reduce risk ongoing.