British Airways Faces 183m EU Fine Following Data Breach


The Information Commissioner's Office (ICO) has handed British Airways what it claims is the biggest penalty — and the first to be made public under new rules — since the General Data Protection Regulation (GDPR) came into play last year. According to the ICO, 500,000 customers had their personal information compromised during the 2018 breach, and the airline needs to pay up, to the tune of £183 million.

According to the BBC, British Airways, owned by IAG, has said that it is "surprised and disappointed" by the penalty, following an attack by hackers who allegedly carried out a "sophisticated, malicious criminal attack" on its website. The airline first disclosed the incident on Sept. 6, 2018, and initially reported that roughly 380,000 transactions had been affected.

The ICO, which believes the attack began in June 2018, found that user traffic to BA's website was re-routed to a fraudulent website that gave hackers the ability to steal customer information. As a result of the airline's poor security posture, customer login information, payment card and travel booking details, names, and addresses were compromised.

In a statement, Information Commissioner Elizabeth Denham said, "People's personal data is just that — personal. When an organization fails to protect it from loss, damage, or theft, it is more than an inconvenience. That's why the law is clear — when you are entrusted with personal data, you must look after it. Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."

Ensuring that your organization is in compliance with GDPR is critical for both your customers' protection and your bottom line. 

Source: Dzone.com
