British Airways have confirmed that their major customer data breach in 2018 has led to them incurring a record £183m fine. This is the largest penalty ever issued by the Information Commissioner’s Office (ICO).
The issue was discovered on the British Airways website where users were funnelled to a duplicate fraudulent website which resulted in hackers amassing around 500,000 BA customers details. This issue was first disclosed on September 6th of 2018 with the initial approximate number of customers affected being 380,000 transactions.
To many BA customers relief, the information stolen did not include passport or travel details, however, this did nothing to soften the blow of the breach and ease customers minds. The issue was first believed to have begun in June 2018 with comprised information being exposed due to poor security protocols at British Airways including payment cards, log in and travel booking details which includes names and address information.
Why such a big fine?
British Airways made an initial statement that the information included email addresses, names, credit card information which may have included credit card numbers and expiry dates. Information from sources stated that BA had co-operated with the investigation into the breach and made progressive steps to improve their security arrangements.
Since the new implementation of the GDPR initiative it has been mandatory for companies to report data security breaches to the information commissioner. The penalty fine is a maximum of 4% of total turnover however this fine represents a figure of around 1.5% worldwide revenue indicating that this could have been much worse for BA.
Highlighting the need for heightened Cyber-Security
This fine represents a huge uplift from the Facebook Cambridge Analytica scandal which yielded a fine of £500,000 which is of course minuscule in comparison. This is due to the difference in laws at the times of each separate data breach with the new European GDPR laws being implemented after.
The fine has sent ripples of shock and fear into the business world and was no doubt a statement of intent from ICO, become Cyber secure and protect your customers data or face the consequences…
If you want to take additional measures to protect your business from potential cyber attacks or data breaches, then why not get your business Cyber Security Certified with Advantage by getting in touch with our team of IT experts today.
Want to be kept up to date on any potential data breaches? Then why not sign up to our mailing list to get these delivered straight to your inbox?