
British Airways Faces £183m EU Fine Following Data Breach


Learn more about the biggest data privacy penalty since GDPR.



The Information Commissioner's Office (ICO) has handed British Airways what it claims is the biggest penalty — and the first to be made public under new rules — since the General Data Protection Regulation (GDPR) came into play last year. According to the ICO, 500,000 customers had their personal information compromised during the 2018 breach, and the airline needs to pay up, to the tune of £183 million.

BA data breach facilitated by poor website security. 1.5% of global turnover or £185M GDPR fine levied. https://t.co/Wsn22Jm65X

- Chris Wysopal (@WeldPond) July 8, 2019

According to the BBC, British Airways, owned by IAG, has said that it is "surprised and disappointed" by the penalty, which follows an alleged "sophisticated, malicious criminal attack" by hackers on its website. The airline first disclosed the incident on Sept. 6, 2018, and had initially reported that roughly 380,000 transactions had been affected.

The ICO, which believes the attack began in June 2018, found that user traffic to BA's website was re-routed to a fraudulent website that gave hackers the ability to steal customer information. As a result of the airline's poor security posture, customer login information, payment card and travel booking details, names, and addresses were compromised.

In a statement, Information Commissioner Elizabeth Denham said, "People's personal data is just that — personal. When an organization fails to protect it from loss, damage, or theft, it is more than an inconvenience. That's why the law is clear — when you are entrusted with personal data, you must look after it. Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."

Ensuring that your organization is in compliance with GDPR is critical for both your customers' protection and your bottom line. 

Topics:
security, gdpr, data breach, british airways, breach, data protection, hack

Published at DZone with permission of
