ICO Announced Fine to British Airways and It’s Underwhelming

Andrew Cummings
October 18, 2020

The airline failed to implement security measures that could have prevented the June 2018 cyberattack that caused the breach, which potentially exposed the personal data of some 429,612 British Airways customers and staff, the UK's Information Commissioner's Office said Friday.

The ICO finding that the airline was processing a significant amount of personal data without adequate security measures in place is particularly damning. The commission found the airline responsible for failing to protect over 400,000 of its customers' personal and financial data, which was leaked during a cyber-attack incident in 2018.

"That's why we have issued BA with a GBP20 million fine - our biggest to date."



It's also unclear whether the airline would have spotted the attack on its own, which was considered a "severe failing" because of the number of people affected and the potential financial damage that could have been done, according to regulators. We will continue to watch how developments in this area play out, particularly in respect of the quantum of the intended Marriott fine and whether that will also be reduced (the ICO issued a notice of its intention to fine Marriott International £99,200,396 in July 2019). Well, COVID-19 happened. "As part of the regulatory process the ICO considered both representations from BA and the economic impact of COVID-19 on their business before setting a final penalty", the authority explained in its latest statement.

The British carrier also did not learn about the attack until a third party flagged it to the company more than two months after it occurred, officials said.

"When organizations take poor decisions around people's personal data, that can have a real impact on people's lives".

However, it still represents the largest fine yet issued by the ICO.


A further 77,000 customers had their combined card and CVV numbers accessed, and an additional 108,000 customers had just their card numbers accessed. "The law now gives us tools that encourage more efficient decision-making when it comes to data, including investments in up-to-date security technologies," commented Elizabeth Denham, an ICO member. The ICO confirmed that this "included names, addresses, payment card numbers and CVV numbers of 244,000 BA customers".

British Airways said it had alerted customers as soon as it had found out about the attack on its systems.

The watchdog said the carrier "acted promptly" once it became aware of the hack, and has since made "considerable improvements to its IT security".

On Monday, IAG announced it was replacing BA's chief executive Alex Cruz with Aer Lingus boss Sean Doyle with immediate effect.

