08 July 2019
British Airways (BA) was today hit with a record fine of £183m for last year's breach of its security systems.
It is the equivalent of 1.5% of BA's global turnover for the financial year ending December 31st.
The airline, owned by IAG, says it is "surprised and disappointed" by the penalty from the Information Commissioner's Office (ICO).
At the time, BA said hackers had carried out a "sophisticated, malicious criminal attack" on its website.
It is the biggest penalty the ICO has handed out and the first to be made public under new rules.
The ICO said the incident took place after users of British Airways' website were diverted to a fraudulent site. Through this false site, details of about 500,000 customers were harvested by the attackers, according tothe ICO said.
"People's personal data is just that - personal," said information commissioner Elizabeth Denham. "When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience. That's why the law is clear - when you are entrusted with personal data, you must look after it. Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."
The incident was first disclosed on September 6th 2018 and BA had initially said approximately 380,000 transactions were affected. However, the stolen data did not include travel or passport details.