| 7.5°C Belfast

British Airways fined a record £20m for customer data breach

Close

British Airways has been fined £20m over a 2018 data hack, the Information Commissioner's Office (ICO) said yesterday.  (Tim Ockenden/PA)

British Airways has been fined £20m over a 2018 data hack, the Information Commissioner's Office (ICO) said yesterday. (Tim Ockenden/PA)

British Airways has been fined £20m over a 2018 data hack, the Information Commissioner's Office (ICO) said yesterday. (Tim Ockenden/PA)

British Airways has been fined £20m over a 2018 data hack, the Information Commissioner's Office (ICO) said yesterday.

Investigators found the airline should have identified the security weaknesses which enabled the attack to take place.

The carrier failed to protect the personal and financial details of more than 400,000 customers, the ICO said.

It did not detect the hack for more than two months.

Information Commissioner Elizabeth Denham said: "People entrusted their personal details to BA, and BA failed to take adequate measures to keep those details secure. Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result.

"That's why we have issued BA with a £20m - our biggest to date.

"When organisations take poor decisions around people's personal data, that can have a real impact on people's lives.

"The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security."

British Airways announced in July last year that the ICO was proposing to issue a fine of more than £183m.

This is more than nine times the £20m the airline has eventually been fined. The ICO said it considered "representations from BA and the economic impact of Covid-19 on their business" before setting the final penalty.

A British Airways spokeswoman said: "We alerted customers as soon as we became aware of the criminal attack on our systems in 2018 and are sorry we fell short of our customers' expectations.

"We are pleased the ICO recognises that we have made considerable improvements to the security of our systems since the attack and that we fully co-operated with its investigation."

The attacker is believed to have potentially accessed the personal data of approximately 429,612 customers and staff.

Belfast Telegraph