Regulators fine British Airways record $230M for data breach

July 8 (UPI) — The British government said Monday it will fine British Airways a record $230 million for a security breach that affected the personal data of about 500,000 customers a year ago.

Officials said that last summer hackers diverted British Airways’ website traffic to a fraudulent site where login, payment card and travel details, names and addresses could be mined.

Monday, after its investigation into the matter, the Information Commissioner’s Office said it would issue the fine — which is nearly 370 times more than its previous record penalty.

“People’s personal data is just that — personal,” Information Commissioner Elizabeth Denham said in a statement. “When an organization fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear — when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

British Airways responded by saying no evidence of fraud was found on any customer accounts. Upon learning of the breach last year, British Airways characterized it as sophisticated, malicious and criminal, but said the stolen data didn’t include travel or passport details.

“We are surprised and disappointed in this initial finding from the ICO,” British Airways CEO and chairman Alex Cruz said in a statement.

International Airlines Group, the carrier’s parent company, said, “We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”

British Airways said the breach occurred in August and lasted until September, but the ICO said it started in June.

The EU General Data Protection Regulation requires companies to take additional encryption precautions to ensure customer data is protected.

The record fine is the first under the new General Data Protection Regulation rules, which require companies to report security breaches to the Information Commissioner’s Office. The previous record fine was about $663,000 against Facebook last year in the Cambridge Analytica scandal. At the time, that was the maximum fine allowed under the old rules.

The ICO said British Airways has cooperated with the investigation.
