Last year British Airways was hit with a data breach. Well, it seems the UK Information Commissioner's Office isn't overly happy with the situation – and has served the airline with a notice of its intention to issue a fine, valued at £183.39 MILLION.
The fine is being issued under the General Data Protection Regulation, and British Airways intends to appeal it.
For those who forgot, British Airways suffered a major incident last year which involved traffic being diverted to a fraudulent web site to collect personal details as well as payment details.
It is estimated that approximately 500,000 customers were compromised in this incident, which is believed to have begun in June 2018.
The ICO investigated and found that a variety of information was compromised by poor security arrangements at the company, including:
- Log-In details
- Payment Card details
- Travel Booking details
- Name and Address information
Information Commissioner Elizabeth Denham said:
“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
Meanwhile, over at IAG and British Airways, there are a lot of furrowed brows with an impending fine they wish to appeal.
Alex Cruz, British Airways chairman and chief executive, said:
“We are surprised and disappointed in this initial finding from the ICO.
“British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft.
“We apologise to our customers for any inconvenience this event caused.”
Willie Walsh, International Airlines Group chief executive, said:
“British Airways will be making representations to the ICO in relation to the proposed fine. We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”
A warning shot for those who handle data
GDPR has implications for any industry on how it obtains, manages, and protects data about its users when it operates in Europe. And like it or not, these rules are set out to protect all parties.
The fines have been lifted from a mere half-million pounds (£500,000) to up to 4% of annual global turnover – to act as a warning for companies to ensure data is secure and that how that data is handled remains secure at all points of access – and yes, that means a high level of information security needs to be applied, managed and maintained.
Whilst the fine that British Airways has been hit with – £183.39 million – is not final and can be appealed, it should serve as a warning for any industry about what can happen if something goes wrong with data processing.
And as for the hospitality and travel industry, a fine of 4% of their turnover could be a very bad thing to experience.