Site icon Merchant Fraud Journal

ICO Fines British Airways £183.39m for Data Breach

Free-Photos / Pixabay

The UK’s Information Commissioner’s Office (ICO) will fine airline British Airways £183.39m for a data breach violating GDPR regulations. The fine is the result of British Airways failing to protect the personal data of approximately 500,000 customers since June of 2018. Information stolen includes logins, credit cards, travel booking details, and more. The fine represents 1.5% of the airline’s worldwide turnover for the financial year that concluded on December 31, 2017.

In a statement about the fine, ICO Information Commissioner Elizabeth Denham stressed companies have a legal requirement to protect consumer data.

“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience,” she said. “That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

British Airways Will Contest Fine, Claims No Harm Done to Consumers

British Airways is cooperating with the investigation. Nevertheless, the company’s chairman and chief executive, Alex Cruz, expressed disappointment in the ICOs decision. He stressed that affected accounts currently show no signs of fraudulent activity.

“We are surprised and disappointed in this initial finding from the ICO,” Cruz said in a statement. “British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft.”

In addition, the International Airlines Group (IAG), an umbrella organization that combines leading airlines in Ireland, the UK and Spain, released a statement defending British Airways. In it, Chief executive Willie Walsh pledges to defend the airline, and reiterates Mr. Cruz’s assertions both that action was taken quickly, and that no consumers were harmed by the breach.

“British Airways will be making representations to the ICO in relation to the proposed fine,” he said. “We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”


Sources:

https://www.iairgroup.com/en/newsroom/press-releases/newsroom-listing/2019/theft-of-customer-data-at-british-airways-update

Exit mobile version