British Airways, the well known UK airline is facing a serious fine over a data breach that happened last year.
The airline is apparently facing a record £183m fine that is thanks to a data breach that happened in 2018. What happened was that users of British Airways website were diverted to a fraudulent site. Thanks to this, data of around half a million customers were harvested by attackers.
The Information Commissioner’s Office (ICO) says that a variety of information was compromised that includes payment cards, logins, travel booking details as well as name and address information. British Airways said that the information stolen included email addresses, credit card information (numbers, expiry dates and the CVV) but they said they don’t store CVV numbers.
The GDPR (General Data Protection Regulation) came into force last year and this has shaken up the industry on matters of data privacy. If found to be in breach of this, the maximum penalty is 4% of turnover. Now, British Airway’s penalty amounts to 1.5% of of its 2017 turnover.
The proposed penalty on British Airways is 367 times higher than the previous record fine that was imposed on Facebook (£500,000) over the Cambridge Analytica scandal. If the proposed penalty on British Airways was pegged at the maximum 4% of annual turnover, the fine would be a staggering amount.
Well, British Airways has 28 days to appeal this proposed fine on them. Alex Cruz, British Airways chairman and CEO said that the airline was surprised and disappointed aint eh ICO’s initial finding. “We intent to take all appropriate steps to defend the airline’s position vigorously, including making necessary appeals,” Willie Walsh, CEO of International Airlines Group said.
