GDPR Law Hits British Airways For 2018 Data Breach

This week, the UK Information Commissioner’s Office issued a notice of intention to fine British Airways £183.39M for a 2018 data breach. The Commissioner’s office issued a report outlining BA’s infringements under the EU’s General Data Protection Regulation (GDPR law).

The data breach came in a cyber incident against British Airways, which the company reported to the ICO in September 2018. As part of the attack, which began in June 2018, traffic to the British Airways website diverted to a fraudulent site controlled by the attackers. After visitors were direct to the impersonating site, the attackers harvested personal details from BA customers. Approximately 500,000 customers had their private information compromised in the incident.

The Commissioner’s investigation blamed poor security arrangements at British Airways for the loss of customer information. The ICO said the company failed to protect at least five types of information, including login, name and address, payment card, and travel booking details.

Elizabeth Denham, the Information Commissioner, said, “When an organisation fails to protect [personal data] from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data, you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

GDPR Law - British Airways
GDPR law British Airways. Image by NewsBlaze.

After reporting the incident to the Commissioner, British Airways cooperated with the investigation and made improvements to its security.

The next step for the company is to make representations to the ICO regarding their findings and the proposed sanction.

ICO was the lead supervisory authority in the investigation and liaised with other regulators on behalf of other EU Member State data protection authorities. Under the GDPR ‘one-stop-shop’ provisions, the data protection authorities in the EU whose residents have been affected have a chance to comment on the ICO’s findings.

The ICO stated that it would carefully consider the company’s representations, as well as submissions from other data protection authorities before making a final decision.

Responding to the ICO statement, British Airways said it was “surprised and disappointed” by the size of fine, amounting to 1.4% of its annual turnover. The company expects to appeal against the Commissioner’s findings and the proposed fine.

Security organisations blamed the “Magecart” criminal group for the attack.

British Airways reported that the exploit lasted from 22:58 GMT August 21, 2018, and 21:45 GMT September 5, 2018. They noted “no evidence of fraudulent activity on accounts linked to the theft.”

Record Fine

The proposed record fine is four times the fine levied against Google. It is the first heavy penalty issued against a multi-national corporation due to a criminal cyberattack that compromised customer information.

This should be a warning for any company or website that receives or holds customer information that must comply with the wide-ranging GDPR.

Hot this week

Did David Wineland and Serge Haroche Steal Idea For The Nobel Physics Prize?

Dr. Omerbashich says the Royal Swedish Academy is a Crime Scene and he has the proof that Nobel laureates stole his discovery.

New Approaches to Disaster Relief Challenges

Disaster relief has always been a challenge. NASA, Google,...

3 Legitimate Money Making Methods to Supplement Your Income

In a perfect world, when your landlord raises your...

2016 Predictions by World Renowned Medium and Psychic Lindy Baker

World renowned medium and psychic Lindy Baker is interviewed by The Hollywood Sentinel, discussing psychic power, the spirit world, life after death, areas of concern in 2016, and much more.

Digital Coupon Customers Spending More Than Double At Stores

A new study shows that customers who use digital coupons go shopping more for groceries and other household goods more often and spend more on their shopping trips.

Why More Americans Are Choosing Refurbished Electronics Over New, and How Magnakom Helps

Refurbished electronics are gaining traction as schools, businesses and consumers look for lower costs, secure data destruction and reduced e-waste.

Inside The Magician’s Study: Phillip Zmijewski’s Night Behind the Velvet Codeword

Phillip Zmijewski shares a guest review of The Magician’s Study, the invite-only Las Vegas magic show built around secrecy, close-up magic and audience interaction.

Steven Capuano on the Manufacturing Decisions That Lock In a Product Company’s Margins Long Before Anyone Notices

Most founders of physical-product companies believe the hard part is the idea. Steven Capuano, founder of SpinalTechUSA argues the opposite.

Sangria, Empanadas… and a Curse? One of New York’s Hottest Summer Festivals Has It All

Summer in New York is made for unforgettable experiences, and few promise to deliver like the Sangria & Empanada Latin Experience.

CISO HQ Launches to Help Security Leaders Turn Cybersecurity News Into Action

The cybersecurity industry has entered an era where nearly...

Dacke Industri Electromen Acquisition Adds Finnish Motion-Control Electronics

Dacke Industri Electromen acquisition adds Finnish intelligent electronics and motor-control expertise to its Air and Mechatronics division.

Why More Travelers Are Switching to a One-Bag Packing System in 2026

More travelers are choosing to skip the checked suitcase....

Related Articles

Popular Categories