News | Legal News

09 July 2019

British Airways fined over data breach

British Airways is facing an Information Commissioner’s Office (ICO) fine of £183 million after a breach of its security systems in 2018. It is the biggest penalty issued by the ICO to date.

When the breach took place, BA said that hackers had conducted a "sophisticated, malicious criminal attack" on its website.

The incident occurred after users of the British Airways' website were diverted to a fake site. Through this site, around 500,000 customers’ details were gathered by the hackers.

The Information Commissioner said: "People's personal data is just that - personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience.

"That's why the law is clear - when you are entrusted with personal data, you must look after it. Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."

Alex Zachary, corporate and commercial partner and GDPR lead comments:

“The GDPR adopts a risk-based approach to compliance, under which businesses bear responsibility for assessing the degree of risk that their processing activities pose to individuals.

"On this occasion BA failed to protect its customers’ details and have been fined a significant 1.5% of their annual turnover.

“In 2018, UK GDPR legislation changed to reflect Europe's GDPR which meant that companies could be fined up to 4% of annual turnover, so BA’s fine could have been a lot worse. But in comparison to Facebook’s fine of £500,000 over the Cambridge Analytics scandal when it was penalised under old laws, it is still a huge amount.”

For accessible, comprehensive advice or to discuss a comprehensive data protection meeting tailored to your business, please get in touch with Alex Zachary on or call 01753 279022.

Alex Zachary

Alex Zachary

Tel: 01753 279022

Stay in touch

Phone: +44 (0) 1753 889995


About cookies on our website

Our Site uses cookies to improve your experience of certain areas of the Site and to allow the use of specific functionality, such as social media page sharing. You may delete and block all cookies from this Site, but as a result, parts of the Site may not work as intended.

To find out more about our cookies policy, please visit here.

Click on the button below to accept the use of cookies on this Site (this will prevent the dialogue box from appearing on future visits).