British Airways Might Be Slapped With $230 Million Fine Over Data Breach

Photo Credit: BBC/Getty Images

British Airways now faces a $230 million fine over a website failure that caused about 500,000 customers’ personal data to be breached.

The massive data breach has lead to a record-setting fine from the European Union’s General Data Protection Regulation (GDPR), which came into effect last year.

This fine follows a statement by the UK Information Commissioner’s Office reported that weak security measures allowed user traffic to be diverted from the British Airways website to a fraudulent imposter page, starting as early as June 2018. British Airways will have a chance to contest these findings in order to do away with the fine.

Attackers working on the fraudulent website were able to harvest hundreds of thousands of customer details over the course of months. These details included usernames, passwords, payment card information, and booking details, according to the UK Information Commissioner’s Office. The incident was disclosed by the airline in September of 2018.

The fine the airline’s been slapped with by the Information Commissioner’s Office constitutes about 1.5% of their annual revenues. “We are surprised and disappointed in this initial finding,” said British Airways CEO Alex Cruz in a statement. “British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud [or] fraudulent activity on accounts linked to the theft.” The GDPR regulations that lead to the fine were put in place to make sure that the way a company collects and stores data is secure. The current trend in the EU is increased scrutiny and legal action in cases of data breaches. British Airways still has time to present its case and contest the fine.

Written by  
5 years ago