Published on Monday, July 8, 2019

BA to appeal multi-million pound data breach fine

British Airways is expected to appeal a fine of over £183 million for last year's customer data breach.

The Information Commissioner's Office (ICO) said it intends to implement the penalty against BA parent International Airlines Group (IAG) over the theft of data from its web and mobile site, which hit 380,000 direct customer transactions, although around 500,000 passengers are believed to have been affected in total.

The record fine is equivalent to 1.5% of BA's worldwide turnover and is the biggest penalty notice to be issued under the UK's Data Protection Act.

BA chairman and CEO Alex Cruz said: "We are surprised and disappointed in this initial finding from the ICO. British Airways responded quickly to a criminal act to steal customers' data.

"We have found no evidence of fraud/fraudulent activity on accounts linked to the theft."

IAG chief executive Willie Walsh said it would defend BA's position 'vigorously' and would appeal.

He said: "British Airways will be making representations to the ICO in relation to the proposed fine.

"We intend to take all appropriate steps to defend the airline's position vigorously, including making any necessary appeals."

Details of the data breach were revealed in September 2018, when BA announced it had been hit by the cyber attack that had compromised passenger details between August 21 and September 5. But the ICO said the hack is believed to have begun in June, when customer details were harvested after hackers diverted user traffic to a false site.

"Personal data of approximately 500,000 customers were compromised in this incident, which is believed to have begun in June 2018," the ICO said.

It added: "The ICO's investigation has found that a variety of information was compromised by poor security arrangements at the company, including log in, payment card, and travel booking details as well name and address information."

Information commissioner Elizabeth Denham said: "People's personal data is just that - personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience.

"BA has co-operated with the ICO investigation and has made improvements to its security arrangements since these events came to light."

After the breach came to light, BA said it would pay out compensation for financial loss, including money stolen from bank accounts and a 12-month credit-rating monitoring service for those affected.

Story Image

Your Comments

, be the first to post a comment.
Your email:

Email other comments made to this story

NOTE: Comments are subject to admin approval before being posted.
Mole Poll
Will 5-day quarantine with test boost travel?- Yes/still too long/too expensive/ vaccine only??
Yes 24.07 %
Too Long 26.11 %
Expense 27.22 %
Vaccine 22.59 %

Thank you for your vote

What is GoodtoGo?

Submit your news
or special offer

Current UK Special Edition

Current US Special Edition

Current Asia/Pacific Special Edition


Central Florida's natural theme parks ideal for post-covid. Graham McKenzie finds out more

Visit Florida is all set for 2021 comeback - Graham McKenzie talks to head of VF Dana Young

Italy will be going back to basics in the post covid world

Sri Lanka - will it be the success of the post Covid world

South Africa and South Australia battle it out to be the best 'SA'
Enter the giveaway here!