Update – BA Facing Record Fine for Data Breach

This is an update to our September 2018 report on the data breach of BA’s website, in which BA customers were diverted to a fraudulent website and the personal data of approximately 500,000 customers was compromised.

The ICO has announced that, following an extensive investigation into the breach, it has issued a notice to fine British Airways £183.39m (1.5% of worldwide turnover in 2017) for infringements of the General Data Protection Regulation (GDPR).

Whilst this could have been as much as £489m (4% of worldwide turnover) under the new GDPR rules, it is by some distance the largest fine the ICO has ever issued, with the previous highest being £500k under the previous legislation.

The ICO has confirmed that its investigation found that poor security arrangements at BA (owned by IAG) resulted in a variety of information being compromised: login, payment card and travel booking details, including name and address information.

BA now has the opportunity to make representations to the ICO regarding its findings.

If it is your job to protect your company from such a potentially devastating outcome, Focus on Training can help with a wide range of Security, Cyber and Governance, and GDPR courses including: