On 08/Jul/2019, British Airways plc received a privacy fine of GBP 20,000,000. The enforcement authority (Information Commissioner's Office) has cited these legal provisions in imposing the fine on British Airways plc: Article 32 GDPR/ GDPR/
|Date of enforcement action:|
|United Kingdom||GBP 20,000,000 (US$27,300,000)|
|Defendant company or entity:||Industry segment:|
|British Airways plc||Airlines / Transport /|
Following an extensive investigation the ICO has issued a notice of its intention to fine British Airways £183.39M for infringements of the General Data Protection Regulation (GDPR).
The proposed fine relates to a cyber incident notified to the ICO by British Airways in September 2018. This incident in part involved user traffic to the British Airways website being diverted to a fraudulent site. Through this false site, customer details were harvested by the attackers. Personal data of approximately 500,000 customers were compromised in this incident, which is believed to have begun in June 2018.
The ICO’s investigation has found that a variety of information was compromised by poor security arrangements at the company, including log in, payment card, and travel booking details as well name and address information.
“Reason for the British Airways fine was a cyber incident that the company itself had notified to the ICO in September 2018. In this incident, user traffic on the British Airways website was partially redirected to a fraudulent website. This website was used by the attackers to harvest customer data. The incident compromised the personal data of approximately 500,000 customers. The result of the ICO investigation was that a large amount of information was compromised because of poor security measures. The ICO has not published what exactly it considered “poor security measures” but it has apparently considered the deficiencies to be so substantial that they justify a £183.39 million fine.” (Paul Voigt)
|Enforcement authority:||Type of enforcement action:|
|Information Commissioner's Office||Notice of intention|
|Subject to appeal?|
|Yes (Notice of intention is being appealed)|
Cite this fine in your work
Data Privacy Fines Index. (2019-07-08 09:28) British Airways fined GBP 20 million. dataprivacyfines.com. Retrieved from https://privacyfines.com/fine/british-airways-gbp-183-39-million/
Entry last updated: 2021-01-24 08:22 GMT.