British Airways to pay record fine of $229 million over passengers\' data leak

British Airways to pay record fine of $229 million over passengers' data leak

Computer hackers redirected British Airways consumers to a site to access their personal information including names, e-mail addresses and credit card details including credit card numbers, expiration dates and CVV codes

The Information Commissioner's Office (ICO) has imposed a record fine of 183 million pounds ($229 million) on British Airways over a data breach in its security systems last year. This fine is the largest ever issued by ICO and also the first one to come under the public eye.

Computer hackers redirected British Airways consumers to a site to access their personal information including names, e-mail addresses and credit card details including credit card numbers, expiration dates and CVV codes. However, any passport or travel details were not leaked. British Airways, owned by IAG and one of the largest airlines in the UK, had revealed that 380,000 transactions were affected. The four other airlines owned by IAG were not affected in the cyber attack.

This breach in British Airways systems led to the violation of EU's data protection rules. As a result, the airline has been fined a 183.4 million pounds. The penalty amounts to 1.5 per cent of its worldwide turnover for 2017. The fine was a result of infringement of customer's personal and financial data between June 2018 and September 2018.

Commenting on the financial penalty, Information Commissioner Elizabeth Denham said that "People's personal data is just that - personal". "When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That's why the law is clear - when you are entrusted with personal data you must look after it," she said.

Meanwhile, Alex Cruz, the Chairman of British Airways, said he was shocked and disappointed after realising the details of the data leak. He said that this was "a very sophisticated, malicious, criminal attack on our website".

"British Airways responded quickly to a criminal act to steal customers' data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused," Cruz was quoted as saying by news agency IANS.

Willie Walsh, CEO of IAG, also addressed the public, saying, "We intend to take all appropriate steps to defend the airline's position vigorously, including making any necessary appeals."

(Edited by Ishita Gupta)