The British Information Commissioner Office (ICO) is all set to fine British Airways with 230 million USD (around 183.4 million pounds) over a data breach in 2018. The underlying revelation said the breach occurred between August and September, affecting 380,000 card payments. The carrier later said that 185,000 individuals who made appointments from April to July may have been comparably traded off as well, which leads to a total figure of 500,000. The ICO said the hack included BA’s site traffic being occupied to a deceitful site through which client details were gathered, including that security was undermined by the poor assurance of capacities identified with sign in, installment card, travel booking details, name and address data.
CEO of British Airways Alex Cruz expressed his disappointment on the decision and explained that the system was compromised between August and September but the airline responded to the situation immediately and no proof of fraud on accounts linked to the theft was found. He added that it was a sophisticated attack and the people were advised to get in touch with the credit card provider to handle the situation. CEO of International Airlines Group (IAG) Willie Walsh, which is the parent company of BA, commented on the situation that, “We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals,“
Information Commissioner Elizabeth Denham said that “the law is clear when it comes to people’s personal data. When you are entrusted with personal data you must look after it, those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
The imposed fine is around 1.5% of the company’s turnover for the year. According to the rules of the General Data Protection Regulations (GDPR), fine under similar cases can be up to 4% of the aggregate worldwide turnover of the company. ICO has also fined Facebook earlier, over breach of data.