British Airways (BA) has been fined more than £183 million after computer hackers stole bank details from thousands of passengers last year. The UK’s data privacy watchdog has fined the airways, reports LiveMint.
The UK Information Commissioner’s Office (ICO) issued a notice of intention to fine the airlines £183.39 million ($229.7 million, 205 million euros) for infringements of EU data protection rules, or GDPR.
Government officials explain the rationale behind huge fine
Elizabeth Denham, Information Commissioner said in a statement, “When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear — when you are entrusted with personal data you must look after it.” She added, “People’s personal data is just that – personal.”
BA’s parent group IAG has revealed that the fine was equivalent to 1.5% of British Airways’ turnover in 2017. Companies can be fined up to 4% of their annual global turnover if they breach EU data protection rules. The massive fine is equivalent to more than 7%of IAG’s net profit last year.
Willie Walsh, IAG chief executive has said that they would consider appealing the penalty because they want to “to take all appropriate steps to defend the airline’s position vigorously”. Alexa Cruz, the CEO of British Airways said the airline was “surprised and disappointed” by the punishment.
British Airways revealed details of the hack
The airlines publicly revealed that the hack had taken place, last year in September. The stolen data had customer names, postal addresses, email addresses and credit card information. However, the breach was fixed on the discovery and did not involve travel or passport details.
BA promised to offer compensations to the affected customers. It also took out full-page adverts in the UK newspapers to apologise to passengers. They described the attack as “a very sophisticated, malicious, criminal attack on our website.”