£183m is the largest fine of this present time. The Information Commissioner Officer fined British Airways for its last year’s security systems data breach.
This latest data breach news has shocked millions of people and created a dismayed sentiment. Various sources keep on delving this incident and trying to figure out the facts behind it. BA airline’s owner IAG expressed surprise and disappointment over such occurrence. As per BA resources, it was a sophisticated, malicious criminal attack. Whereas, according to the ICO, the penalty which is handed over to British Airways broke all the previous records. This most significant penalty is also the first to be made public under new regulations.
Let’s crack on the real story
ICO spoke-up and brought significant facts to light. They said the users of the British Airways website were diverted to a scamming website. The attackers hacked the details of 500,000 customers, from that fraudulent site. Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data, you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
This was not the first time BA got affected through GDPR breach fines. The reality check had been given to BA, when an incident unleashed on 6 September 2018. To cover the name and fame of the airways, it was informed that 380,000 transactions were affected. But they excluded the stolen data and travel/passport details.
What’s personal is personal
The ICO said the suspicion over the incident started in June 2018.
The watchdog informed with various chunks of information was “compromised” by pathetic security arrangements at the company. The compromised information included the login, payment card, and travel booking details as well as name and address information. But as per the Airline, there were many other types of information as well. Such as names, email addresses, credit card information such as credit card numbers, expiry dates and the three-digit CVV code found on the back of credit cards. After all the chaos, the BA co-operated very well with the Commissioner Officer and investigation. It also acted quickly to make improvements to its security arrangements.
New rules for better compliance
The General Data Protection Regulation (GDPR) came into force last year and was the biggest shake-up to data privacy in 20 years. This fine made public on British Airways because new regulations need to be introduced. According to the new rules, one must report data security breaches to the ICO right after the incident happens.
Due to this incident, the penalty to 4% of turnover has also increased. The BA penalty amounts to 1.5% of its worldwide turnover in 2017, less than the possible maximum.
Another scandalous news, we can say the most significant penalty other than BA, was £500,000 on Facebook. The ICO imposed fines on Facebook due to its role in the Cambridge Analytical data scandal. Therefore, it was a maximum penalty under the old data protection rules before GDPR.
Now BA has a long way to cover
“British Airways can appeal within 28 days, and it would be making representations to the ICO”, said Willie Walsh, the chief executive of IAG. Moreover, he added, “We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.” After the news cracked worldwide, the BA responded to this a criminal attack by saying, “We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused.”
Seers have a solution for you
Seers values your data and hard-earned money. Just do not let your income drown in the flow of cyber breaches and attacks. When it comes to protecting your data, you’re in safe hands. We’re at the forefront of cybersecurity and data protection. Seers complete GDPR training program enables you to reduce GDPR breach fines and penalties. We are just a click away.