Skip to main content

British Airways hit with a massive fine for 2018 data breach

A data breach in 2018 that saw hackers steal personal data belonging to hundreds of thousands of British Airways customers has cost the company nearly 184 million British pounds (about $230 million), making it the biggest fine ever imposed for an incident of this kind.

The U.K.’s Information Commissioner’s Office (ICO) said it handed down the fine for breaches of data protection law that it said resulted from “poor security arrangements” at the company.

The breach took place during the summer of 2018, and affected anyone who used B.A.’s website or mobile app to book a flight or vacation. Hackers diverted customers to a fraudulent site from which they were able to harvest customer details that included names, addresses, log-in information, payment card numbers, and travel booking details. Initial reports said that around 380,000 people had been affected, but the ICO this week put the number at 500,000.

Information Commissioner Elizabeth Denham said of the incident: “People’s personal data is just that — personal. When an organization fails to protect it from loss, damage, or theft it is more than an inconvenience.

“That’s why the law is clear — when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

The airline was understandably upset with the record fine, with B.A. chairman and chief executive Alex Cruz saying his company was “surprised and disappointed” by the ICO’s findings, adding, “British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft.”

The largest fine before now was handed out to Facebook in 2018 for its role in the Cambridge Analytica scandal. At 500,000 British pounds (about $625,000), that’s considerably lower than B.A.’s penalty. Larger fines have been made possible by new data protection laws that give greater powers to the agencies that deal with such cases.

The new laws mean businesses can be fined up to 4% of their annual turnover. With B.A.’s fine equaling 1.5% of its worldwide turnover in 2017, it clearly could have turned out a lot worse for the airline. B.A. has four weeks to appeal the ICO’s decision.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Personal data of 69 million Neopets users is now up for sale after a data breach
Person typing on a computer keyboard.

Neopets, an aged website that lets users keep virtual pets and take care of them, just suffered a major data breach. Aside from the personal data of over 69 million users, the hacker was able to obtain the website's source code.

This isn't the first time Neopets has faced a massive leak, but this time around, user data is currently being sold for crypto -- and the leak includes more than just usernames and passwords.

Read more
Hacker steals 1 billion people’s records in unprecedented data breach
A depiction of a hacker breaking into a system via the use of code.

An anonymous hacker has stated that he has successfully infiltrated the Shanghai police department’s database. In doing so, he apparently extracted personal information of a staggering one billion Chinese citizens.

The individual, 'ChinaDan', took sole responsibility for the data breach. As reported by Reuters and PCMag, he detailed the incident on hacker forum Breach Forums.

Read more
Hackers targeted AMD to steal huge 450GB of top-secret data
A depiction of a hacker breaking into a system via the use of code.

A data extortion group known as RansomHouse has asserted that it has stolen upwards of 450GB of sensitive data from AMD.

Team Red has since confirmed that it launched an investigation into the matter after the situation came to light.

Read more