Main Page
has been fined £20million by the data watchdog after the personal and financial details of more than 400,000 customers were accessed by hackers in a 2018 data breach.
The Information Commissioner's Office (ICO) dished out the biggest ever fine in its history after it found that the beleaguered airline should have identified the security weaknesses which enabled the attack to take place.
It said the carrier, which is in the throes of an existential crisis after coronavirus decimated demand for air travel, was processing a significant amount of personal data without adequate security measures in place.
The watchdog said this failure broke data protection law and caused BA to be subjected to a cyber-attack in 2018, which it did not detect for more than two months.
Addressing these security issues would have prevented the hack being carried out in this way, investigators concluded.
In a statement released today, the ICO concluded: 'It is not clear whether or when BA would have identified the attack themselves.
'This was considered to be a severe failing because of the number of people affected and because any potential financial harm could have been more significant. If you loved this post and you would want to receive details about Buy cvv assure visit our own web site. '
Information Commissioner Elizabeth Denham said: 'People entrusted their personal details to BA and BA failed to take adequate measures to keep those details secure.
'Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result.
That's why we have issued BA with a £20m fine - our biggest to date.
British Airways has been fined £20million by the data watchdog after the details of more than 400,000 customers were accessed by hackers in a 2018 data breach (stock photo)
The Information Commissioner's Office (ICO) dished out the biggest ever fine in its history after it found that the beleaguered airline should have identified the security weaknesses which enabled the attack to take place. It said the carrier, which is in the throes of an existential crisis after the coronavirus pandemic decimated demand for travel, was processing a significant amount of personal data without adequate security measures in place
'When organisations take poor decisions around people's personal data, that can have a real impact on people's lives.
The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security.'
BA announced in July last year that the ICO was proposing to issue a fine of more than £183million, more than nine times the £20million the airline has eventually been fined.
The ICO said it considered 'representations from BA and the economic impact of Covid-19 on their business' before setting the final penalty.
Still, shares in BA's Anglo-Spanish parent IAG slid to session lows following the announcement.
By 9.20am, they were three per cent lower.
Because the BA breach happened in June 2018, before the UK left the EU, the ICO investigated on behalf of all EU authorities as lead supervisory authority under the GDPR. The penalty and action have been approved by the other EU DPAs through the GDPR's cooperation process.
<div class="art-ins mol-factbox floatRHS news" data-version="2" id="mol-321c83e0-0f97-11eb-adc6-a9faba082a65" website Airways is fined £20m after 2018 data breach