09 July 2019
British Airways fined over data breach
British Airways is facing an Information Commissioner’s Office (ICO) fine of £183 million after a breach of its security systems in 2018. It is the biggest penalty issued by the ICO to date.
When the breach took place, BA said that hackers had conducted a "sophisticated, malicious criminal attack" on its website.
The incident occurred after users of the British Airways website were diverted to a fake site. Through this site, around 500,000 customers’ details were gathered by the hackers.
The Information Commissioner said: "People's personal data is just that - personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience.
"That's why the law is clear - when you are entrusted with personal data, you must look after it. Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."
“The GDPR adopts a risk-based approach to compliance, under which businesses bear responsibility for assessing the degree of risk that their processing activities pose to individuals.
“On this occasion BA failed to protect its customers’ details and have been fined a significant 1.5% of their annual turnover.
“In 2018, UK GDPR legislation changed to reflect Europe's GDPR which meant that companies could be fined up to 4% of annual turnover, so BA’s fine could have been a lot worse. But in comparison to Facebook’s fine of £500,000 over the Cambridge Analytica scandal when it was penalised under old laws, it is still a huge amount.”
For accessible, comprehensive advice or to discuss a comprehensive data protection meeting tailored to your business, please get in touch with Alex Zachary on firstname.lastname@example.org or call 01753 279022.