British airways will be dealing with a £183m fine after last year’s breach of it security systems.
The British Airways chairman, Álex Cruz, said: “British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused.”
The Information Commissioner’s Office (ICO) said the incident took place after users of British Airways’ website were diverted to a fraudulent site. Around 500,000 customers’ information were taken by the attackers.
Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience.
“That’s why the law is clear – when you are entrusted with personal data, you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
The incident was uncovered on September 6th in 2018 and it was first thought that there was 380,000 transactions affected but the stolen data did not include travel or passport details. The ICO believed it had begun in June 2018.
Details of payment cards, including the number, expiry date and three-digit security code or “card verification value” were illegally taken from the reservations system.
Under the General Data Protection Regulation (GDPR), fines can be up to 4% of annual company’s global revenue. British Airway’s total revenue in the year to 31 December 2017 was £12.2bn, making the maximum possible fine £488m.
