The UK Information Commissioner’s Office (ICO) has fined British Airways a total of £183.39 million after the national carrier’s IT systems were breached last year in a hacking incident that compromised the personal and financial details of hundreds of thousands of passengers.
Issued as a penalty under the UK Data Protection Act, the fine is reportedly equivalent to 1.5% of the airline’s turnover in 2017, British Airways’ parent group IAG has said.
The breach lasted a total of 15 days and exposed sensitive customer details to hackers, including login credentials, credit card information and personal home addresses. The ICO has stated that the national carrier failed to take the necessary measures to ensure customer data was secure.
The penalty is the first issued by the UK Information Commissioner’s Office under the guidelines of the new General Data Protection Regulation (GDPR). IAG is considering appealing the fine.
Commenting on the announcement, Alex Cruz, the chair and chief executive of British Airways, shared: “We are surprised and disappointed in this initial finding from the ICO.”
He added: “British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused.”