British Airways fined £183m for data leak
The UK’s data privacy authority has announced that they have slammed British Airways with a fine of £183m for failing to protect its customers’ data.
The Information Commissioner’s Office (ICO) said that this is the first time that they had handed out such a huge penalty, and had to made it public under new rules.
Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience.
“That’s why the law is clear – when you are entrusted with personal data, you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
The ICO blamed the incident on “poor security” at British Airways as its website was diverted to a fraudulent site. Through this pseudo site, the personal details of more than 500,000 customers were retrieved.
Alex Cruz, British Airways chairman and chief executive, said: “We are surprised and disappointed in this initial finding from the ICO. British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologize to our customers for any inconvenience this event caused.”
British Airways has said that they will appeal against the penalty.