British Airways Faces Record $230 Million Fine Over Data Theft

The Information Commissioner's Office (ICO) proposed a penalty of GBP 183.4 million.

British Airways Faces Record $230 Million Fine Over Data Theft
Advertisement

British Airways-owner IAG is facing a record $230 million fine for the theft of data from 500,000 customers from its website last year under tough new data-protection rules policed by the UK's Information Commissioner's Office (ICO).

The ICO proposed a penalty of GBP 183.4 million, or 1.5 percent of British Airways' 2017 worldwide turnover, for the hack, which it said exposed poor security arrangements at the airline.

BA indicated that it planned to appeal against the fine, the product of European data protection rules, called GDPR, that came into force in 2018. They allow regulators to fine companies up to 4 percent of their global turnover for data-protection failures.

The attack involved traffic to the British Airways website being diverted to a fraudulent site, where customer details such as log in, payment card and travel booking details as well as names and addresses were harvested, the ICO said.

Information Commissioner Elizabeth Denham said: "People's personal data is just that – personal.

"When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That's why the law is clear – when you are entrusted with personal data you must look after it."

BA's chairman and chief executive Alex Cruz said he was "surprised and disappointed" by the proposed penalty.

"British Airways responded quickly to a criminal act to steal customers' data," he said.

"We have found no evidence of fraud/fraudulent activity on accounts linked to the theft."

Willie Walsh, CEO of parent company IAG, said BA would be making representations to the ICO about the proposed fine.

"We intend to take all appropriate steps to defend the airline's position vigorously, including making any necessary appeals," he said.

Shares in IAG fell 0.8 percent to 452.7 pence by 0810 GMT.

Analyst Gerald Khoo at broker Liberum said the proposed fine equated to about 9 pence per IAG share.

"While IAG has more than adequate liquidity to cover the fine (Dec 2018 cash EUR 3.8 billion, total liquidity EUR 6.3 billion), the penalty is still substantial," he said.

The ICO, which could impose fines up to 500,000 under previous rules, had also investigated BA on behalf of other European regulators.

The ICO fined Facebook GBP 500,000 in 2018 for serious breaches of data protection law. It said the penalty would have "inevitably have been significantly higher under GDPR".

© Thomson Reuters 2019

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: British Airways
Amazon Prime Day 2019 Sale: A Glimpse at International Deals and Offers
Xiaomi Mistakenly Uses Apple’s Memoji Ad to Promote Mimoji in China, Promises Serious Action
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »