
British Airways fined record £20m over data breach

British Airways has been fined £20m over a cyber-attack in the summer of 2018 which affected more than 400,000 customers.

The Information Commissioner’s Office (ICO) handed the airline the fine – its biggest to date – for failing to protect the personal and financial details of hundreds of thousands of customers.

Its investigation found the airline was processing a significant amount of personal data without adequate security in place and the cyber-attack remained undetected for two months.

However, the fine is much lower than the initial £183m fine the ICO threatened the airline with last year, as the regulator considered further evidence and noted the impact of the coronavirus pandemic.

British Airways cyber-attack

The attacker is believed to have potentially accessed the personal data of approximately 429,612 customers and staff. This included names, addresses, payment card numbers and CVV numbers of 244,000 BA customers.

Other details thought to have been accessed include the combined card and CVV numbers of 77,000 customers and card numbers only for 108,000 customers.

Usernames and passwords of BA employee and administrator accounts as well as usernames and PINs of up to 612 BA Executive Club accounts were also potentially accessed.

The ICO said BA ought to have identified weaknesses in its security and resolved them with measures “that were available at the time”.

However, BA didn’t detect the 22 June 2018 attack itself. Instead, the airline was alerted by a third party on 5 September, and only then did BA act.

The ICO said “it is not clear whether or when BA would have identified the attack themselves”, adding that “this was considered to be a severe failing because of the number of people affected and because any potential financial harm could have been more significant”.

As the data breach happened in June 2018, before the UK left the EU, the ICO investigated on behalf of all EU authorities. Last year the ICO issued BA with a notice of intent to fine – up to £183m – but a final penalty of £20m has been set.

‘Failure to act was unacceptable’

Information commissioner, Elizabeth Denham, said: “People entrusted their personal details to BA and BA failed to take adequate measures to keep those details secure.

“Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result. That’s why we have issued BA with a £20m fine – our biggest to date.

“When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security.”

The ICO added that since the attack, BA has made considerable improvements to its IT security.

‘Sorry we fell short of expectations’

A British Airways spokesperson said: “We alerted customers as soon as we became aware of the criminal attack on our systems in 2018 and are sorry we fell short of our customers’ expectations.

“We are pleased the ICO recognises that we have made considerable improvements to the security of our systems since the attack and that we fully co-operated with its investigation.”
