British Airways Faces 183m EU Fine Following Data Breach

The Information Commissioner's Office (ICO) has handed British Airways what it claims is the biggest penalty — and the first to be made public under new rules — since the General Data Protection Regulation (GDPR) came into play last year. According to the ICO, 500,000 customers had their personal information compromised during the 2018 breach, and the airline needs to pay up - to the tune of £183 million.

According to the BBC, British Airways, owned by IAG, has said that it is "surprised and disappointed" by the penalty, following an attack by hackers who allegedly carried out a "sophisticated, malicious criminal attack" on its website. The airline first disclosed the incident on Sept. 6, 2018, and had initially reported roughly 380,000 transactions had been affected.

The ICO, which believes the attack began in June 2018, found that user traffic to BA's website was re-routed to a fraudulent website that gave hackers the ability to steal customer information. As a result of the airline's poor security posture, customer login information, payment card, and travel booking details, and names, and addresses were compromised.

In a statement, Information Commissioner Elizabeth Denham said, "People's personal data is just that — personal. When an organization fails to protect it from loss, damage, or theft, it is more than an inconvenience. That's why the law is clear — when you are entrusted with personal data, you must look after it. Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."

Ensuring that your organization is in compliance with GDPR is critical for both your customers' protection and your bottom line. 

Source: Dzone.com

Powered by NewsAPI.org

Keywords:

British Airways • European Union • Data breach • Information Commissioner's Office • Information Commissioner's Office • British Airways • First Amendment to the United States Constitution • General Data Protection Regulation • General Data Protection Regulation • Information Commissioner's Office • Airline • BBC • British Airways • International Airlines Group • Security hacker • Malware • Website • Airline • Financial transaction • Information Commissioner's Office • User (computing) • Bachelor's degree • Website • Fraud • Website • Security hacker • Information • Airline • Security • Payment card • Information Commissioner's Office • Elizabeth Denham • Personally identifiable information • Law • Privacy • Organization • General Data Protection Regulation • Your Bottom Line •