A fine of £183 million has been imposed by UK’s Information Commissioner’s Office (ICO) on British Airways for the customer data breach that took place last year.
The fine for data breach follows the theft of customer data from BA’s website which compromised personal details of approximately 500,000 customers and information of more than 380,000 transactions. The stolen data, however, didn’t include travel or passport details.
The BA data breach that took place last autumn gave hackers access to financial details of customers who made or changed bookings on BA’s website and app. Card numbers, expiration dates, and even CVC codes were stolen, making the British Airways data breach one of the most severe data breaches that UK citizens have faced.
Following the breach, the airlines later announced that compensation for the BA data breach would be extended to those affected. Meanwhile, they called this breach a "sophisticated, malicious criminal attack" on its website.
How did the British Airways data breach take place?
The ICO said that the British Airways data breach involved user traffic to a fraudulent website through which the data was stolen by hackers.
The fine for data breach has come as a result of the establishment of GDPR – General Data Protection Regulation last year and is equivalent to 1.5 percent of BA’s worldwide turnover for its 2017 financial year.
GDPR introduced stringent rules and warned companies against hefty penalties. The fine on British Airway’s data breach is the first one to be made public since the GDPR rules came into force. Until now, the biggest data breach penalty imposed in the UK was on Facebook for its involvement in the Cambridge Analytica Scandal.
The chief executive of IAG – the organization with majority shares of BA, has announced that it will appeal the penalty. Following the news of the penalty by the ICO over the British Airways data breach, he said, "We intend to take all appropriate steps to defend the airline's position vigorously, including making any necessary appeals.”
Alex Cruz, British Airways' chairman and chief executive, said: "We are surprised and disappointed in this initial finding from the ICO.