Published: Mon, July 08, 2019
Global News | By Blake Casey

British Airways faces record-breaking $230M GDPR fine for 2018 data breach

British Airways faces record-breaking $230M GDPR fine for 2018 data breach

British Airways-owner IAG is facing a record $230 million fine for the theft of data from 500,000 customers from its website previous year under tough new data-protection rules policed by the UK's Information Commissioner's Office (ICO).

The hack, which began in June 2018, was in effect during the busy summer holiday period and is believed to have affected some half a million users, the ICO said. "We apologize to our customers for any inconvenience this event caused", Cruz said. Is it because it was the first made public by the Information Commissioner's Office (ICO) since GDPR privacy laws came into force? They allow regulators to fine companies up to 4% of their global turnover for data-protection failures.

British Airways will be handed down the largest penalty on record from the ICO for a data breach a year ago that affected 500,000 customers.

George Salmon, analyst at Hargreaves Lansdown, said £183mln "will make a pretty big dent in next year's numbers, but IAG should be able to withstand its impact as it's less than 10% of expected net profits and could yet be reduced on appeal".

Competition watchdog to examine Amazon-Deliveroo deal
Deliveroo noted that it was competing with a number of major companies in the sector and that the investment would help to create jobs and restaurants to expand.


"That's why the law is clear - when you are entrusted with personal data you must look after it". BA parent IAG SA said the fine amounts to 1.5% of the airline's 2017 revenue.

British Airways says it will appeal the fine, and it has 28 days in which to do so. It said the penalty would have "inevitably have been significantly higher under GDPR". The attack was coordinated by a well-established group who were also responsible for other security breaches like the one affecting ticket website Ticketmaster UK.

BA says it informed the ICO on September 6, 2018, within 72 hours of learning that its systems had been breached, as required under the articles of GDPR. "So organizations need to implement security that is appropriate for their size, means, risk and need".

However, security researchers claimed to have found the stolen personal information up for sale online just a week after the incident.

Like this: