BA facing £183m fine for data breach
The data breach, which BA reported to the ICO in September last year, involved the airline’s user traffic being diverted to a fraudulent website, where customer details were harvested.
According to the ICO, the personal data of around 500,000 customers was affected by the incident. The ICO has issued a notice of its intention to fine for infringements of the General Data Protection Regulation (GDPR).
The data included personal and financial details of customers making bookings and changes on the airline’s website and app.
The ICO said information was compromised by "poor security arrangements" at BA.
BA has co-operated with the ICO investigation and made improvements to its security arrangements, the ICO said. The airline has a chance to make representations before the fine is finalised.
Alex Cruz, British Airways chairman and chief executive said the company was "surprised and disappointed" by the ICO’s findings, adding that the airline had found no evidence of "fraud or fraudulent activity" on accounts linked to the breach.
Willie Walsh, chief executive of BA parent company IAG, said: "British Airways will be making representations to the ICO in relation to the proposed fine. We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals."
Elizabeth Denham, information commissioner, said: "People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."

We hope you enjoyed this article.
Research Live is published by MRS.
The Market Research Society (MRS) exists to promote and protect the research sector, showcasing how research delivers impact for businesses and government.
Members of MRS enjoy many benefits including tailoured policy guidance, discounts on training and conferences, and access to member-only content.
For example, there's an archive of winning case studies from over a decade of MRS Awards.
Find out more about the benefits of joining MRS here.
2 Comments
peter
6 years ago
Yes there is a fine for BA if found guilty of this breach. But is any of this money being passed on to Executive Club members who had their data security compromised. Where will this money (fine) be paid to ?!
Like Reply Report
Anon
6 years ago
Join the group action with SPG law! That way you will get some compensation for the inconvenience and distress casued.
Like Reply Report