British Airways fined record £183m over data hack
The airline said it was “surprised and disappointed” by the fine, which is the equivalent of 1.5 per cent of British Airways’ worldwide turnover for the financial year ending 31 December 2017.
The fine relates to a security breach last year during which hackers accessed customers’ personal and financial data from BA’s website and mobile app. Those affected included customers making or amending bookings.
BA initially said around 380,000 card payments had been compromised but the Information Commissioner’s Office (ICO), which issued the fine, said approximately 500,000 customers had been affected.
An investigation by the ICO into the incident found that a variety of information was compromised by poor security arrangements at the company, including log in, payment card, and travel booking details as well name and address information.
Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
BA said it plans to appeal the fine.
Willie Walsh, chief executive of International Airlines Group, BA’s parent company, said: “British Airways will be making representations to the ICO in relation to the proposed fine. We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”