British authority” The Information Commissioner’s Office (ICO)” fined British Airways £ 20 million for failing to protect the personal and financial information of more than 400,000 customers.
The authority’s investigation found that the airline was processing a significant amount of personal data without adequate security measures.
British Airways faced a cyberattack in 2018 and the ICO claims it failed to detect the attack in more than two months.
ICO investigators concluded that addressing the security issues on time would have prevented the 2018 cyber-attack and fined the airline £ 20 million.
Information Commissioner Elizabeth Denham said: “People entrusted their personal details to BA and BA failed to take adequate measures to keep those details secure.
“Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result. That’s why we have issued BA with a £20m fine – our biggest to date.
“When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security.”
It is believed that the personal data of approximately 429,612 customers and personnel were accessed in the cyber attack in 2018. This number includes the names, addresses, credit card numbers and CVV numbers of 244,000 BA customers.
In addition, it is thought that both the card and CVV numbers of 77,000 customers and the card numbers of 108,000 customers were seized by the attacker/s
The attack took place on June 22, 2018, and British Airways notified the ICO on September 5.
