Following an incident that saw more than 500,000 customers have their personal data exposed to hackers, British Airways has been handed a record fine from the Information Commissioner’s Office (ICO), totalling an astounding £183 million.
This fine marks the largest penalty handed out by the ICO since new data protection rules were introduced in May of last year.
The attack itself is believed to have begun in June 2018, three months before it was exposed, with data such as names, email addresses and payment details ‘compromised’.
What happened during the cyber-attack?
First revealed in September 2018, the cyber-attack saw customers directed from the BA website to a fraudulent site, on which their personal details were harvested.
Following an investigation by the ICO, British Airways was found to have poor security within its online systems, leaving the likes of customers’ names, credit card information, login details and booking details vulnerable.
Speaking about the incident, Information Commissioner Elizabeth Denham has said: “The law is clear – when you are entrusted with personal data, you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
After being handed the fine of £183m, BA had 28 days to appeal, which the airline had planned to do according to latest reports. Prior to this, the biggest penalty imposed upon a business had been the £500,000 fine Facebook received for its role in the Cambridge Analytica scandal.
How are fines calculated?
Under GDPR, fines are calculated as a percentage of turnover, with a maximum of 4%. BA’s fine represents 1.5% of its global turnover.
This significant penalty underlines how vital iron-clad cyber security processes and procedures are for businesses. Fines of this magnitude have the ability to seriously impact a company’s cash flow, not to mention damage its reputation.
How effective are cyber security procedures within your business? Contact the team at MWL Systems today for a full review of your cyber security and recommendations for improvement.