The Information Commissioner’s Office (ICO) is fining British Airways £183.4 million after hackers snatched the personal information of roughly 500,000 customers. The broad ICO investigation found that some of the stolen data includes payment card information, names, addresses, login details, and travel booking information. The data was taken when unsuspecting customers were redirected to a fake website.
The data breach began in June of last year. According to the ICO, it was made possible by the inadequate security setup of British Airways’ systems, which are supposed to shield customer details from attackers.
“People’s personal data is just that – personal,” said Elizabeth Denham, information commissioner. “When an organisation fails to protect it from loss, damage, or theft, it is more than an inconvenience. The law is clear, when you are entrusted with personal data, you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
British Airways’ response
“We are surprised and disappointed in this initial finding from the ICO,” said the chair and Chief Executive of British Airways, Alex Cruz. “British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of (fraud or fraudulent) activity on accounts linked to the theft. We apologize to our customers for any inconvenience this event caused.”
British Airways – whose digital security has been upgraded since the breach – can appeal against the findings and the amount of the fine before the ICO comes to a conclusive decision.
“British Airways will be making representations to the ICO in relation to the proposed fine,” said Willie Walsh, the Chief Executive of the International Airlines Group, the parent company of British Airways. “We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”