British Airways faces record fine for data breach

The UK Information Commissioner’s Office (ICO) has shown it means business when it comes to protecting consumer data by proposing a record-breaking fine of over £183m on airline giant British Airways (BA).

Plans to issue the fine come in response to a security breach on BA’s systems reported in September 2018 and is the first penalty to be made public since new General Data Protection Regulations (GDPR) came into force in May 2018.

The incident caused the personal details of around 500,000 customers to be compromised by hackers, including login credentials, card details and booking information. Read more about the hack and our analysis of the true potential cost to British Airways.

The ICO’s investigation into the matter discovered the breach was a result of BA’s poor security arrangements, which the company has been working to improve since the attack was announced. However, this is a perfect example of ‘too little, too late’ as the damage had already been done.

Although BA was quick to report the breach once the business became aware, and very much within the 72-hour deadline laid out by GDPR, the malicious activity is said to have started several months before in June 2018.

Some may say that the ICO is abusing its new power to ‘make an example’ of the airline, but the message it is sending is clear and should not be disregarded; if companies are going to continue not taking their security and protection of customer data seriously, then there will be serious consequences.

It’s clear that the lengths cybercriminals will go to and the increasing complexity of their attacks show no sign of slowing down, therefore the approach businesses take towards their security estate should mirror the same pace and determination.

The first immediate action you can take to protect your business and the precious data of your customers is getting your security knowledge up to speed. If there are areas where you know you’re lacking, then get signed up to one (or several!) of the expert webinars our security partner, Sophos, is running this week. They’re a great resource for acquiring the most accurate information on various IT security topics and what’s more… they’re free!

You can check out the agenda and register online here.

If you’re not sure if there are any holes in your cybersecurity strategy, why not take our IT security questionnaire? We’ll send you a personalised report identifying areas of weakness, as well as a plan of action to bolster your business’ defence.

The significant fine proposed by the ICO should be a wake-up call to any business that handles and collects personal data, no matter what size, as a lack of investment in effective security technology could cause even more expense down the line. Don’t leave it until it’s too late.

Read more about IT security in our recent blogs: