A record £183m fine has been leveled by the Information Commissioner’s Officer (ICO) against British Airways following a data breach last year.
The breach occurred when what BA called a “sophisticated, malicious criminal attack” diverted users away from the British Airways website and onto a fraudulent site. Through this method attackers gained details of around 500,000 customers.
According to the ICO, this is the largest fine they have ever leveled at an organisation for breaching General Data Protection Regulation (GDPR) and it is also the first to be made public under new disclosure rules.
“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience,” said the Information Commissioner Elizabeth Denham in a statement, continuing, “That’s why the law is clear – when you are entrusted with personal data, you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
Nick Ashwell-Rice has worked in aviation and defence journalism since 2014 whilst also maintaining a career outside of the industry. He has been Editor-in-Chief at Talking Aero since its inception