Masterclassing
Monday 08-07-2019 13:57

British Airways facing £183m fine for data hack

David Murphy

British Airways is facing a £183m fine from the Information Commissioner’s Office (ICO) under GDPR for a September 2018 security breach. In the incident, traffic to BA’s website was diverted to a fraudulent site, resulting in the personal data of approximately 500,000 customers being compromised.

The fine equates to 1.5 per cent of BA’s worldwide turnover in 2017, and far surpasses the previous record fine of £500,000 which Facebook was hit with in the Cambridge Analytica data scandal. The maximum fine under GDPR is 4 per cent of annual turnover.

In a statement, the ICO said its investigation found that a variety of information was compromised by poor security arrangements at the company, including log in, payment card, and travel booking details as well name and address information.

Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

British Airways said it was “surprised and disappointed” at the size of the fine. The company cooperated with the ICO investigation and has made improvements to its security arrangements since these events came to light. It will have the opportunity to make representations to the ICO as to the proposed findings and sanction.

Diane Yarrow, partner and commercial solicitor at law firm, Gardner Leader, described the fine as “substantial” and said it is invetibaler that BA will appeal it. She said: “This first large fine would always be hotly contested and in the next 28 days, we should learn more details of the basis on which BA will appeal the ICO’s decision, together with the ICO’s response to the appeal. The ICO will have to take into account; any action taken by BA to mitigate the damage suffered by data subjects, the degree of cooperation with the supervising authority and any other mitigating factors.
“Given the current GDPR guidelines it can be reasonably expected that any decision by the ICO will set a strong precedent for future large scale data breaches. Anyone who has not yet taken steps to ensure that they comply with GDPR should revisit what they need to do in the context of their business.”

SHARE
Author
David Murphy

YOU MAY ALSO BE INTERESTED IN

News
09.12.2021
Billion Dollar Boy partners with Meta for Creators for Causes initiative

Billion Dollar Boy partners with Meta for Creators for Causes initiative

News
20.12.2021
GumGum acquires attention-based ad platform Playground xyz

GumGum acquires attention-based ad platform Playground xyz

News
06.01.2022
CAF partnership brings Africa Cup of Nations content to TikTok

CAF partnership brings Africa Cup of Nations content to TikTok

News
14.01.2022
BBC iPlayer sets new records over the festive season

BBC iPlayer sets new records over the festive season

News
25.01.2022
White Bullet expands EMEA team with appointment of anti-piracy and brand safety experts

White Bullet expands EMEA team with appointment of anti-piracy and brand safety experts

News
02.02.2022
Movers and Shakers: Samsung Electronics, Snap, Time Out Media and more

Movers and Shakers: Samsung Electronics, Snap, Time Out Media and more

© Mobile Marketing 2023 | Powered by by Codea Digital LTD