Privacy Blog
ICO IMPOSES FINE OF £20 M. ON BRITISH AIRWAYS FOR DATA BREACH
16.10.2020
The Information Commissioner’s Office (“ICO”) has imposed a fine of £20 Million on British Airways on the ground that it had failed to protect the personal and financial details of more than 400.000 of its customers.
In the present case, British Airways faced a cyber-attack in 2018 which the airways did not detect for more than two months. It is believed that the attacker had potentially accessed the personal data of approximately 429,612 customers and staff. This included names, addresses, payment card numbers and CVV numbers of 244,000 the airways’ customers.
The investigation shows that the airways would have prevented the cyber-attack if it had taken adequate protection measures such as limiting access to applications, data and tools, using multi-factor authentication and undertaking rigorous testing.
In this sense, the ICO found that the airline was processing a significant amount of personal data without adequate security measures in place so the airways has been imposed fine of £20 M. for data breach affecting more than 400,000 customers.
You can read the ICO’s press release here.
Should you have any queries and/or remarks, please do not hesitate to contact us.
Kind regards,
Zumbul Attorneys-at-Law