Skip to main content

British Airways hit with a massive fine for 2018 data breach

A data breach in 2018 that saw hackers steal personal data belonging to hundreds of thousands of British Airways customers has cost the company nearly 184 million British pounds (about $230 million), making it the biggest fine ever imposed for an incident of this kind.

The U.K.’s Information Commissioner’s Office (ICO) said it handed down the fine for breaches of data protection law that it said resulted from “poor security arrangements” at the company.

The breach took place during the summer of 2018, and affected anyone who used B.A.’s website or mobile app to book a flight or vacation. Hackers diverted customers to a fraudulent site from which they were able to harvest customer details that included names, addresses, log-in information, payment card numbers, and travel booking details. Initial reports said that around 380,000 people had been affected, but the ICO this week put the number at 500,000.

Information Commissioner Elizabeth Denham said of the incident: “People’s personal data is just that — personal. When an organization fails to protect it from loss, damage, or theft it is more than an inconvenience.

“That’s why the law is clear — when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

The airline was understandably upset with the record fine, with B.A. chairman and chief executive Alex Cruz saying his company was “surprised and disappointed” by the ICO’s findings, adding, “British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft.”

The largest fine before now was handed out to Facebook in 2018 for its role in the Cambridge Analytica scandal. At 500,000 British pounds (about $625,000), that’s considerably lower than B.A.’s penalty. Larger fines have been made possible by new data protection laws that give greater powers to the agencies that deal with such cases.

The new laws mean businesses can be fined up to 4% of their annual turnover. With B.A.’s fine equaling 1.5% of its worldwide turnover in 2017, it clearly could have turned out a lot worse for the airline. B.A. has four weeks to appeal the ICO’s decision.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Hackers targeted AMD to steal huge 450GB of top-secret data
A depiction of a hacker breaking into a system via the use of code.

A data extortion group known as RansomHouse has asserted that it has stolen upwards of 450GB of sensitive data from AMD.

Team Red has since confirmed that it launched an investigation into the matter after the situation came to light.

Read more
Robinhood reports data breach affecting 7 million customers
Robinhood app on a smartphone.

Online stock trading platform Robinhood has been hit by a data breach affecting about seven million of its customers, the company revealed on Monday, November 8.

The Menlo Park, California-based company said the “data security incident” took place on Wednesday, November 3, when an unauthorized third party “obtained access to a limited amount of personal information.”

Read more
Hackers just stole personal data from millions of Acer customers
acer swift 3 13 2019 review acerswift3132019

Acer has just confirmed that its servers were beached by a group of hackers called Desorden. The hackers managed to steal over 60 gigabytes worth of data containing sensitive information about millions of Acer's customers.

The compromised information includes the names, addresses, and phone numbers of several million clients, but also restricted corporate financial data.

Read more