British Airways is facing an estimated fine of USD 230 million over a security system data breach. The breach occurred between August 21 and September 5 of last year.
What exactly happened?
The incident took place when users of British Airways’ website were redirected to a fraudulent site, which extracted confidential information from an estimated 500,000 customers. According to the Information Commissioner’s Office, user data was compromised due to British Airways’ poor online security. The compromised information included credit card numbers, expiration dates, and three-digit CVV codes.
The severity of British Airways’ fine comes as a shock. It is facing a penalty 367 times greater than the one imposed on Facebook (NASDAQ: FB), which was fined roughly USD 630,000 over a 2018 data breach. However, the General Data Protection Regulation (GDPR), which came into effect last year, set new rules and regulations regarding information and data security breaches. British Airways is the first violator whose fine was made public. Under the GDPR, the company is now facing a record fine from the Information Commissioner’s Office.
“People’s personal data is just that – personal. When an organization fails to protect it from loss, damage or theft it is more than an inconvenience,” Information Commissioner Elizabeth Denham said. “That’s why the law is clear – when you are entrusted with personal data you must look after it.”
British Airways intends to appeal the enormous fine within the next 28 days.