
BA gets £20m slap for mega-breach

British Airways (BA) has been let off a possible £183 million data breach fine due to the economic disruption caused by the coronavirus.


The Information Commissioner’s Office (ICO) will now fine BA the smaller sum of £20 million, after taking into account appeals from the airline and also the economic fallout from the pandemic.

The original fine was approximately 1.5 per cent of the company’s annual turnover in adherence with guidelines set out in the European General Data Protection Regulation.

But £20m is still a significant sum. It’s the highest fine to date imposed by ICO. It serves as a warning to companies of all sizes about what can happen when customers’ personal data is not appropriately protected.

In 2018 more than 400,000 personal details and banking information of BA’s customers were stolen, including login, payment card and travel booking details as well as names and addresses. In a second incident, a further 185,000 customers who used the airline’s Avios rewards system also had personal data exposed.

Failure

ICO said BA failed to take necessary actions to protect customer data. This failure included a lack of multi-factor authentication across at least 13 critical applications. Many essential security measures were available free through Microsoft Windows, but BA didn’t use these.

The airline was only alerted to the data breach when a third party raised the issue more than two months after it occurred. ICO said there was little evidence the airline would have ever been able to identify the attack itself.

ICO’s lower fine also reflects the fact that the airline fully co-operated with its investigation and has since made significant improvements to the security of its systems.

The final fine is lower than the £50 million fine issued by the French regulator, CNIL, against Google in 2019, but that was clearly before the economic disruption caused by Covid-19, when all airlines’ turnovers were significantly reduced.

Gary Jowett, from Computer & Network Consultants (CNC) in Brighton, said: “In this digital age companies have new ways to interact virtually with their customers which makes them more responsive and successful. But sometimes the people who design and implement systems fail to take account of all the security issues and the avenues and back doors criminals might use to undermine their systems. Twenty million is a significant sum, but it may only hurt BA a little bit. For a much smaller organisation, a fine a fraction of that amount could prove fatal.”


19th November 2020 | Tech News
