British Airways to be fined £183m after customer data breach

British Airways data breach

Last year, almost 400,000 British Airways customers had their personal details and bank cards stolen in one of the most severe cyber-attacks in UK history. In response, the airline is now facing a staggering £183 million penalty by the Information Commissioner’s Office (ICO).

However, while the ICO has the power to impose data breach fines, it does not give this money to victims of the data breach. So, if your data was put at risk by BA, you should now make a data breach compensation claim.

What has the ICO said about the British Airway’s data breach?

Commenting on the proposed fine, Information Commissioner Elizabeth Denham said:

“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience.

“That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

British Airways has said that it is surprised and disappointed about the huge penalty.  However, this is still only worth 1.5% of its worldwide turnover. What’s more, under data protection rules, the fine could have been as large as £488 million. So BA could be getting away lightly.

Despite this, BA is hoping to appeal. And, the ICO has said that it will “consider carefully” the representations BA makes as well as other concerned data protection authorities before it takes its final decision.

What did British Airways do wrong?

British Airways customers had their details stolen over 15 days in a massive data breach. The attack put the personal and financial information of customers making bookings at risk. Enough details were exposed to make the threat of cybercrime a real possibility. Also, many banks had to cancel and re-issue cards as a result of the stolen data. In total, about 380,000 transactions were affected.

Investigating why this breach was able to happen, the ICO found that information was able to be compromised by inadequate security arrangements at BA.

Commenting on the proposed penalty, Kingsley Hayes, managing director at Hayes Connor Solicitors said:

“This is the most significant penalty ever handed out by the ICO, and the first to be made public under the new GDPR. With such attacks often having a devastating effect on victims, we are delighted that the ICO is taking the BA data breach so seriously.

“From the start, BA has tried to delay acting on its responsibilities to its customers. For example, when the breach first happened, it said that compensation claims would be discussed on an ‘individual basis’. However, it was never up to the airline to dictate the terms of any compensation payments.

“Following the ICO’s announcement, it looks like the company is still not taking responsibility for its data protection failures in so far as its customers compensation claims are concerned and their lawyers still fail to take a proactive approach to resolving those”.

What can you do if you were affected by the British Airways data breach?

At Hayes Connor Solicitors, we are taking action against British Airways. The action allows people with the same type of claim to bring it together on a collective basis. This strengthens their overall position and increases their chances of success.

The BA data breach was able to happen as the airline failed to implement reasonable and robust security processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously is by taking strong and decisive action

To join our British Airways data breach action compensation claim, register with us today. We can help you claim compensation for financial losses, as well as for inconvenience and distress.


2 replies

Trackbacks & Pingbacks

  1. […] could have been much harsher. For example, in the last few weeks, we have seen the ICO warn both British Airways and Marriott Hotels that it is planning to issue fines of £183.39m and £99.2m respectively for […]

  2. […] announcement comes a day after the UK’s data privacy regulator said that it planned to fine British Airways £183m over a separate breach. These huge fines reflect changes in data protection law since the General Data Protection […]

Comments are closed.