British Airways is facing a record £183 million fine from the Information Commissioner’s Office (ICO) for failing to protect the personal data of over 500,000 customers in a data breach that occurred in 2018.
Personal information such as customer logins, payment card details, names, addresses and travel booking information were accessed during the hack.
Information Commissioner Elizabeth Denham said, “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience.”
“That’s why the law is clear – when you are entrusted with personal data, you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
Under GDPR, organisations can be fined up to 4% of their annual turnover for data breaches. The proposed £183 million fine by ICO amounts to 1.5% of British Airways’ 2017 turnover.
In response to the ICO’s statement of intent, Alex Cruz CEO of British Airways said,
“We are surprised and disappointed in this initial finding from the ICO. British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused.”
The airline now has 28 days to appeal the decision. Willie Walsh, Chief Executive of its parent company IAG has confirmed the airline will be making representations and any necessary appeals to the ICO in relation to the proposed fine.
Kazient Privacy Experts offer bespoke Data Protection, Privacy and GDPR compliance solutions in a language you understand to UK and international organisations, and has received positive media coverage across Europe. Kazient’s GDPR consultants are fully certified to be your outsourced Data Protection Officer or EU Representative. Get in touch to find out how we can help your business by visiting our website www.kazient.co.uk or calling us on 0330 022 9009.