Record GBP 183 million fine for British Airways data breach

Monday 8 July 2019 08:55 CET | News

British Airways (BA) has received a record fine of GBP 183 million for a breach of its security systems that happened in 2018.

The airline, owned by IAG, has previously said approximately 380,000 transactions were affected, but the stolen data did not include travel or passport details. The information included names, email addresses, credit card information such as credit card numbers, expiration dates and the three-digit CVV code found on the back of credit cards, although BA has said it did not store CVV numbers.

The incident was first disclosed on 6 September 2018.

The Information Commissioners Office (ICO) said it was the biggest penalty it had ever handed out and the first to be made public since the General Data Protection Regulation (GDPR) was introduced and amounts to 1.5% of its worldwide turnover in 2017, less than the possible maximum of 4%, according to BBC.

So far, the biggest penalty was GBP 500,000, imposed on Facebook for its role in the Cambridge Analytica data scandal. That was the maximum allowed under the old data protection rules that applied before GDPR.

BA has 28 days to appeal. Willie Walsh, chief executive of IAG, said British Airways would be making representations to the ICO, BBC added.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: British Airways, BA, fine, data breach, online security, data protection, GDPR, UK, security systems
Countries: World

Industry Events