Personal customer information was obtained by hackers and diverted to fraudulent sites.
The Guardian reports that the Information Commissioner’s Office (ICO) is fining British Airways over £183 million after a major data breach in which hackers stole half a million customers’ personal data. After an extensive investigation, the ICO discovered that the affected customer information included login credentials, payment cards, and customer names, addresses, and travel booking information.
The breach began in June 2018 as a result of “poor security arrangements” that British Airways put in place to protect customer information. Still, the personal information was diverted to a fraudulent website.
“People’s personal data is just that – personal,” said the information commissioner, Elizabeth Denham. “When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. The law is clear, when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
The fine was issued under the relatively new General Data Protection Regulation (GDPR). It amounts to only 1.5% of British Airways £11.6 billion worldwide turnover last year, but George Salmon, an analyst at Hargreaves Lansdown financial service company, predicts it could do sizable damage to their parent company International Airlines Group’s financial performance.
“We are surprised and disappointed in this initial finding from the ICO,” said Alex Cruz, the chair and chief executive of British Airways. “British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused.”
The fine comes at a time when company morale isn’t particularly high, as the airline had just begun talks with its pilots in an effort to avoid a summer strike. The pilots have rejected a cumulative 11.5% pay increase over the past three years, as the British Airline Pilots’ Association (Balpa), who represent 90% of BA pilots, argue the raise is inadequate considering the airline’s considerable profits.