Visit Atlantic City aircraft(3).jpg

Published on Friday, October 16, 2020

BA fined 20 million over data hack

British Airways has been fined £20 million by the Information Commissioner's Office for failing to protect the personal and financial details of more than 400,000 of its customers.

The ICO said the fine was its 'biggest to date', although it's just a fraction of the ICO's £183m intention to fine that was issued in June 2019 - an amount that would have been equivalent to 1.5% of BA's global annual turnover. At the time BA said it was surprised at the size of the intended fine and would appeal.

That appeal and the economic impact of the coronavirus pandemic, appears to have paid off.

"As part of the regulatory process the ICO considered both representations from BA and the economic impact of Covid-19 on their business before setting a final penalty," the ICO said.

An ICO investigation found the airline was processing a significant amount of personal data without adequate security measures in place. This failure broke data protection law and, subsequently, BA was the subject of a cyber-attack during 2018, which it did not detect for more than two months.

ICO investigators found BA ought to have identified weaknesses in its security and resolved them with security measures that were available at the time.

Addressing these security issues would have prevented the 2018 cyber-attack being carried out in this way, investigators concluded.

Information Commissioner Elizabeth Denham said: "People entrusted their personal details to BA and BA failed to take adequate measures to keep those details secure.

"Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result. That's why we have issued BA with a £20m fine - our biggest to date.

"When organisations take poor decisions around people's personal data, that can have a real impact on people's lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security."

By Louise Longman, Contributing Editor (UK)


Story Image

Your Comments

, be the first to post a comment.
Your email:

Email other comments made to this story

NOTE: Comments are subject to admin approval before being posted.
  • Lucky escape

    BA have had a lucky escape. If COVID was not decimating the travel/transport industries I think they would have ended up paying north of &#pound;100m. But this and all the other own goals they have scored is killing the brand!

    By Richard Bristow, Friday, October 16, 2020

Mole Poll
Do you like the job the government is doing with the Traffic Light System ?


North Americas largest shopping and entertainement complex MOA talks to TravelMole

A new exhibition for grown ups who like adventure? Yes and this year!

Pure Michigan are emerging from the pandemic and travel around the state is now possible and safe!

London Hotel Week - Why, What, and When?

The New Ambassador Cruise Line Chairman, Gordon Wilson, talks to TravelMole