British Airways (LSE: IAG.L) is being fined USD25.8 Million by the Information Commissioner’s Office, following a data breach that exposed the personal information of over 400,000 customers. Amid a cyberattack that lasted two months, the company lacked the adequate security to protect itself against it. The department had originally planned to fine the airline USD237.8 Million but reconsidered after evaluating the recent economic downturn brought on by COVID-19.
“People entrusted their personal details to BA and BA failed to take adequate measures to keep those details secure,” said Information Commissioner Elizabeth Denham in a statement. “Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result. That’s why we have issued BA with a £20 million fine – our biggest to date. When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security.”
British Airways has accepted the penalty and issued a statement to its customers.
“We alerted customers as soon as we became aware of the criminal attack on our systems in 2018 and are sorry we fell short of our customers’ expectations,” a spokesperson said to TechCrunch. “We are pleased the ICO recognises that we have made considerable improvements to the security of our systems since the attack and that we fully cooperated with its investigation.”
The assailant had potential access to names, addresses, payment card numbers and CVV numbers of 244,000 of the airline’s customers. Furthermore, 77,000 customers had both their card and CVV numbers exposed, while 108,000 had just their card numbers infiltrated.
Many other companies, including those in the travel and hospitality industry, have been affected by data breaches. Earlier this year, Cathay Pacific, was fined only USD646,000 amid a breach that impacted 9.5 million customers.