0 £0.00
This item was added to your basket
Credit Strategy homepage
LinkedIn
Twitter

Dear visitor,
You are viewing 1 of your 1 free articles


We’ve invested in our content to provide more news, analysis, features, interviews and opinions across a wide range of Credit and Financial Services. Register now to access more of the trustworthy, insightful information that’s on offer.

Register now or Login

ICO hits British Airways with £183m fine over data breach

In the first sanction under the new General Data Protection Regulation (GDPR) rules, British Airways (BA) has been hit with a record £183m fine by the Information Commissioner’s Office (ICO) after a data breach which took place last year.

Share on LinkedInShare on TwittereCard

Personal data of approximately 500,000 customers were compromised in the incident, which is believed to have begun in June 2018.

 

The incident was first disclosed on September 6, 2018, and BA had initially said approximately 380,000 transactions were affected.

 

User traffic to the BA website was diverted to a fraudulent site, which then harvested customer details.

 

The information taken from customers included names, email addresses, credit card information such as credit card numbers, expiry dates and the three-digit CVV code found on the back of credit cards.

 

The fine dwarfs the previous record of £500,000 issued to Facebook for its role in the Cambridge Analytica scandal.

 

However, the General Data Protection Regulation (GDPR) rules, which came in last year, allow fines of up to four percent of annual turnover. The BA penalty amounts to 1.5 percent of its worldwide turnover in 2017.

 

The ICO said BA has co-operated with its investigation and has made improvements to its security arrangements since the breach came to light. BA will now have opportunity to make representations to the ICO as to the proposed findings and sanction.

 

Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

 

Alex Cruz, BA chairman and chief executive, said: “We are surprised and disappointed in this initial finding from the ICO. BA responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused.”

 

Willie Walsh, chief executive of BA’s parent company International Airlines Group, said: “BA will be making representations to the ICO in relation to the proposed fine. We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”

GET THE LATEST INDUSTRY NEWS STRAIGHT TO YOUR INBOX

READ NEXT

MPs fire up campaign for government to free up mortgage prisoners

MPs fire up campaign for government to free up mortgage prisoners

“The money would be better invested elsewhere” – broker body on Stamp Duty cut

“The money would be better invested elsewhere” – broker body on Stamp Duty cut

HMRC takes first major action to combat furlough fraud

HMRC takes first major action to combat furlough fraud

Upcoming events


Lending Summit


Women in Credit Awards


Credit 500 Gala Dinner

Credit Strategy
LinkedIn page

Member of

Did you find our website useful?

Thank you for your input

Thank you for your feedback

creditstrategy.co.uk – an online news and information service for the UK’s commercial and consumer credit industry. creditstrategy.co.uk is published by Shard Financial Media Limited, registered in England & Wales as 5481132, Axe & Bottle Court, 70 Newcomen St, London, SE1 1YT. All rights reserved. Credit Strategy is committed to diversity in the workplace. @ Copyright Shard Media Group