was today told it will have to pay a record £183million fine for a data breach that saw card details of more than 380,000 customers stolen from its website and app.
The Information Commissioner’s Office has imposed the huge cash penalty on the airline – equivalent to 1.5 percent of its turnover in 2017 – after one of the most serious cyber attacks to hit a UK history last year.
BA called in the police in September 5, 2018 after a cyber attack was detected by staff – 16 days after it started on August 21.
British Airways has been handed a huge £183 million fine after card details of more than 380,000 customers were stolen from its website and app
During the data breach tens of thousands of customers had their name, billing address, email address, card payment information – including card number, expiry date and their CVV security code – potentially compromised.
Hundreds of thousands more had their personal details taken without their CVV code captured, it was said.
British Airways chairman Alex Cruz said today the airline was ‘disappointed’ by the initial finding – despite initial warnings the fine could be up to £500million.
He said: ‘British Airways responded quickly to a criminal act to steal customers’ data.We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused.’
IAG chief executive Willie Walsh said it would consider appealing the fine as it seeks ‘to take all appropriate steps to defend the airline’s position vigorously’.
The data breach affected 380,000 customers who booked flights online or via the BA app between April 21 and July 28, 2018, and who used a payment card. If you liked this write-up and you would such as to receive more details regarding best cc shop kindly go to our webpage.
BA has insisted it had told customers about the security breach as soon as it could.
But the cyber failure is a massive blow to the airline’s once renowned reputation for customer service with some victims vowing never to use them again.
The stolen data did not include passport details but did include ‘personal information, the airline said.
BA said it had received no reports from customers who had had money fraudulently taken out of their account.
Following disclosure of the hack, BA promised to compensate affected customers and took out full-page adverts in British newspapers, including the Daily Mail, to apologise to passengers.
It had meanwhile described the mass theft as ‘a very sophisticated, malicious, criminal attack on our website’.
BA called in the police in September 5 2018 after a cyber attack was detected by staff – 16 days after it started on August 21
IAG is the owner of five airlines, including also Aer Lingus, Iberia, Level and Vueling, none of which were affected by the hack.
GDPR establishes the key principle that individuals must explicitly grant permission for their data to be used.
The case for the new rules had been boosted by a scandal over the harvesting of Facebook users’ data by Cambridge Analytica, a US-British political research firm, for the 2016 US presidential election.
BA’s proposed penalty is roughly 367 times the £500,000 imposed on Facebook over the scandal.
Rachel Aldighieri, managing director of the Data & Marketing Association (DMA), said: ‘This is the first fine the ICO has announced under the new GDPR laws and the level of the proposed fine is unprecedented in the UK, highlighting the importance all businesses should place on the security of customers’ data.
‘Data is a fundamental part of the digital economy, so maintaining its security must be a business imperative.Trust in how brands collect, store and use data is essential to the relationship between businesses and their customers.
‘The risks to BA go beyond the potential fines regulators can issue too, the long-term effects on customer trust, share price and public perception could have more lasting damage.’
<div class="art-ins mol-factbox news" data-version="2" id="mol-ce971050-a16b-11e9-ba21-6f9810802753" website Airways will be fined more than £189m over data breach