The Information Commissioner’s Office (ICO) has fined British Airways £20 million ($25.85 million) following a 2018 data breach that affected more than 400,000 of the airline’s customers.
The fine, which is the biggest penalty issued by the ICO to date, comes after an investigation found that the airline was processing “a significant amount of personal data without adequate security measures in place”, in breach of data protection laws.
The ICO said that British Airways’ failure to identify and resolve these security weaknesses ultimately led to the 2018 cyber attack that saw hackers access the data of almost 430,000 customers over a two-week period. Details accessed included payment information from those using the British Airways website and mobile app to make bookings, along with names, addresses and passwords.
The ICO has also criticised British Airways over its failure to detect the cyber attack for more than two months.
Information Commissioner Elizabeth Denham said: “People entrusted their personal details to BA and BA failed to take adequate measures to keep those details secure.
“Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result. That’s why we have issued BA with a £20m fine – our biggest to date.
“When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security.”
Although record-breaking, this £20 million fine is much less than the £183 million penalty proposed by the ICO in June 2019. The ICO says this is a result of an appeal from British Airways and the economic impact that Covid-19 had on its business.
The watchdog also notes that British Airways has made “considerable improvements to its IT security” following the 2018 cyber attack.
In a statement given to Forbes, British Airways said: “We alerted customers as soon as we became aware of the criminal attack on our systems in 2018 and are sorry we fell short of our customers’ expectations.
“We're pleased the ICO recognises that we have made considerable improvements to the security of our systems since the attack and that we fully co-operated with its investigation.”
original content at: www.forbes.com…