British Airways has been fined £20m for failing to protect the personal and financial details of more than 400,000 customers, according to Business Live. This follows an investigation by the Information Commissioner’s Office (IC)) after the airline was the subject to a cyber-attack, which it did not detect for more than two months, in 2018. The attacker is believed to have potentially accessed the personal data of approximately 429,612 customers and staff, including names, addresses, payment card numbers, and CVV numbers of 244,000 BA customers. ICO investigators found that BA did not detect the attack on 22 June 2018 themselves but were alerted by a third party more than two months afterward on 5 September. Once they became aware BA acted promptly and notified the ICO. Although this fine is the biggest issued by the ICO to date, it is still just a fraction of the £183 million fine the organisation originally said it intended to issue in 2019.
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
