Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Following an Information Commissioner’s Office (ICO) investigation into the British Airways data breach, the airline has been fined £20 million for failing to keep passengers’ personal data secure.
ICO investigators found British Airways was processing a considerable amount of customers’ private information without sufficient security standards in place to protect personal data.
The ICO imposed the £20 million British Airways fine, the largest penalty of its kind to date, for the airline failing to protect customer data. More than 400,000 customers had their private data violated in the 2018 British Airways data breach, according to a Reuters report.
The cyber attacker is thought to have stolen personal information like names and addresses, but also financial details like credit card and CVV numbers of 244,000 customers, according to CNBC: 108,000 British Airways customers had their credit card numbers accessed, and another 77,000 customers had both credit card and CVV numbers accessed.
According to the ICO, at least 612 British Airways Executive Club customers’ usernames and passwords could have also been accessed.
The British Airways data breach went undetected for over two months.
But the airline says it notified customers of the breach as soon as possible.
“We alerted customers as soon as we became aware of the criminal attack on our systems in 2018 and are sorry we fell short of our customers’ expectations,” a British Airways spokesperson told CNBC. “We are pleased the ICO recognizes that we have made considerable improvements to the security of our systems since the attack and that we fully co-operated with its investigation.”
The ICO imposed the British Airways fine after its investigation found the airline should have detected deficiencies in its security and fixed them by placing safety measures to protect the sensitive personal data of its customers.
The ICO investigation concluded by surmising the data breach would have been averted if the security inadequacies had been resolved by the company.
“People entrusted their personal details to BA and BA failed to take adequate measures to keep those details secure,” Information Commissioner Elizabeth Denham said about the seriousness of the breach, according to the ICO’s website. “Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result. That’s why we have issued BA with a £20m fine — our biggest to date.”
Denham continued: “When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security.”
The British Airways data breach occurred in June 2018. Because the U.K. was still a part of the EU at that time, the ICO investigated the breach under the General Data Protection Regulation (GDPR) guidelines. The ICO determined the airline broke privacy laws.
The British Airways fine was announced in June 2019. The effects of COVID-19 were considered as fine’s amount was decided this year, according to the ICO.
In addition to the fine, British Airways also faces a class action lawsuit from customers who had their personal data accessed in the cyberattack.
Claimants can file to be a part of the group action until 17 January 2021.
British Airways customers who made payments between 21 April 2018 and 28 July 2018, or 21 August 2018 and 5 September 2018 may be eligible to join the group action.
The courts will determine the amount of compensation due to BA customers who were subject to the data breach.
Are you a British Airways customer? What is your opinion about the £20 million British Airways fine for the data breach? Tell us how you feel in the comments.
Check back daily for the most recent U.K. class action lawsuit and consumer protection news.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
