fine British Information Commissioner’s Office (ICO) British Airways amounted to 20 million pounds ($ 26 million) due to a data breach in 2018 that exposed the personal and financial details of 429,612 of the company’s customers.
After an investigation spanning nearly two years, the British Information Commissioner’s Office concluded that British Airways did not have sufficient security measures in place to process large amounts of personal data.
The British Information Commissioner’s Office said: The failure is a breach of data protection law and the fine is based on the General Data Protection Regulation (GDPR).
The fine of 183 million pounds imposed on British Airways was reduced to 20 million pounds after investigators took into account the financial woes of the airline and the circumstances of the cyber attack.
The British Information Commissioner’s Office said: The economic impact of the Coronavirus pandemic must be taken into account.
The attacker is believed to have gained access to the names, addresses, payment card numbers and CVV numbers of about 244,000 airline customers.
The attacker obtained the combined card numbers and CVV numbers for up to Another 77,000 customers, along with access to card numbers for an additional 108,000 customers.
The regulator said: The usernames and passwords of up to 612 members of the British Airways Executive Club have been hacked.
It took the airline more than two months to realize it had suffered a data breach.
Information Commissioner Elizabeth Denham said in a statement: People have entrusted their personal details to British Airways, but the airline has failed to take appropriate measures to keep these details safe.
“The airline’s failure to act was unacceptable and affected hundreds of thousands of people, which is why we have issued a fine of 20 million pounds – the biggest fine for us so far.”
An airline spokesperson said: We alerted customers as soon as we became aware of the criminal attack on our systems in 2018 and we regret that we did not meet our customers’ expectations.
He added: We are pleased that the British Information Commissioner’s Office realizes that we have made major improvements to the security of our systems since the attack and that we have cooperated fully with the investigation.