British Airways Fined for Failing To Protect Customer Data

The carrier did not detect the hack for more than two months

The BA data breach triggered the first major investigation to be carried out under revamped data laws that called for heavier fines as a proportion of a company's turnover than had previously been mandated.

British Airways could have taken several affordable steps to prevent the risk of such an attack, such as limiting access to applications and protecting accounts with "multi-factor authentication", officials said. But the fine is a major step down from the £184 million penalty - 1.5% of BA's revenues in the 2018 calendar year - that the regulator had originally set last year.

After discovering the matter in 2018, the office said at the time that the fine to be imposed on British Airways would amount to about 183 million pounds sterling, but it was reduced to about 20 million pounds sterling because of the hard conditions the company is going through due to the coronavirus epidemic. The failures themselves amounted to breaches of data protection law but also meant that, when BA was hit by a cyber-attack in 2018, the attack went undetected for two months and the attacker was able to compromise the data of over 400,000 customers. As the ICO characteristically points out, the airline could have applied various measures that were neither technically complex nor expensive to implement at the time, but still failed to do so.

There are two main reasons why the ICO decided to give British Airways a softer landing.

"We are pleased the ICO recognises that we have made considerable improvements to the security of our systems since the attack and that we fully co-operated with its investigation", said a spokesman. Thus, the firm has shown a willingness to comply with the strict regulatory context in an impressive way.

Secondly, COVID-19 has brought the airline industry to its knees, and if the ICO were to impose a $230 million fine on British Airways, the company would be placed in a really hard situation. The stolen data included login details, PINs, payment card details, CVV numbers and passwords, and travel booking information, as well as names and addresses. Officials said they considered the airline's representations about the attack along with "the economic impact of COVID-19 on their business" before settling on the final amount.

A further 77,000 customers had their combined card and CVV numbers accessed, and an additional 108,000 customers had just their card numbers accessed.

'When organisations take poor decisions around people's personal data, that can have a real impact on people's lives'.

The cyberattack occurred on June 22nd, 2018, according to the ICO, but British Airways only became aware of the problem on September 5th when it was alerted by someone outside of the company.

The BA probe was different because it was an EU-wide effort led by the ICO.
