The British Flag Carrier, British Airways, was today fined £20m, from the initial proposal of £130m being considered, by the Information Commissioner’s Office (ICO) after a data breach in 2018.

How did this data breach happen?

The penalty was reduced due to the ongoing economic impact of the COVID crisis from £130m down to £20m – Though this still marks a historic fine amount within the UK.  The ICO investigation unveiled that British Airways have been acting illegally in its treatment of customer data.

The 2018 data breach affected over 400,000 personal and debit card data. In a statement released the ICO – responsible for information governance in the UK – said:

“The attacker is believed to have potentially accessed the personal data of approximately 429,612 customers and staff. This included names, addresses, payment card numbers and CVV numbers of 244,000 BA customers.

 

Other details thought to have been accessed include the combined card and CVV numbers of 77,000 customers and card numbers only for 108,000 customers.”

An investigation concluded that sufficient security measures, such as multi-factor authentication, were not in place at that time.

British Airways were unaware about the attack but were later notified by a third party more than two months after the attack. Following this the airline took the proper measure in informing the ICO.

What are your thoughts on this? Were you affected? Let us know below in the comments!

This content was provided to MentourPilot by provider, Travel Radar Media. Travel Radar offers high quality content in partnership with Mentour