British Airways Fined £183 Million Over Customer Data Breach

8 July 2019, 09:29 | Updated: 8 July 2019, 16:44

British Airways have been fined £183 million by the Information Commissioner's Office over customer data breaches.

Personal data of around half a million passengers were compromised during a hack believed to have lasted two weeks in August last year.

The airline at the time said it was hit by a "very sophisticated malicious criminal attack" that compromised the bank information of its customers who booked flights on its website and app - forcing customers to contact their bank to replace their cards.

The data breach happened just months after the General Data Protection Regulation (GDPR) came into force in May last year, which means firms can be fined up to 4% of annual turnover for data breaches.

British Airways' fine of £183 million represents 1.5% of its annual turnover.

The ICO's investigation found that a variety of information was compromised by "poor security arrangements", and the fine is the largest it has handed out and the first to be made public since the new rules came into force.

British Airways CEO Alex Cruz said: "British Airways responded quickly to a criminal act to steal customers' data.

"We have found no evidence of fraud/fraudulent activity on accounts linked to the theft.

"We apologise to our customers for any inconvenience this event caused."

Willie Walsh, the head of British Airways' parent company International Airlines Group, said the airline would be "making representations" to the ICO in connection to the fine.

"We intend to take all appropriate steps to defend the airline's position vigorously, including making any necessary appeals."