Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

UK Fines British Airways for Failures in 2018 Data Hack

Britain’s information commissioner has fined British Airways 20 million pounds ($25 million) for failing to protect personal data for some 400,000 customers, the largest fine the agency has ever issued.

Britain’s information commissioner has fined British Airways 20 million pounds ($25 million) for failing to protect personal data for some 400,000 customers, the largest fine the agency has ever issued.

The ICO said in a statement Friday that the airline was processing personal data without adequate security measures. It also noted that it did not detect a 2018 cyber attack for two months.

Information Commissioner Elizabeth Denham said says BA’s “failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result.”

Under the European Union’s General Data Protection Rules imposed in 2018, organizations face fines of up to 20 million euros ($23 million) or 4% of annual global turnover — whichever is greater — for the most serious violations.

Related: Former Contractor Sentenced to Prison for Hacking British Airline Jet2

Related: British Airways Faces $230 Million Fine for 2018 Breach

Related: British Airways Criticized for Exposing Passenger Flight Details

Related: British Airways, Another Victim of Ongoing Magecart Attacks

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.

CISO Conversations

In this edition of CISO Conversations, SecurityWeek speaks to two city CISOs, from the City of Tampa, and from Tallahassee.