This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.bbc.co.uk/news/business-48905907
The article has changed 9 times. There is an RSS feed of changes available.
| Version 1 | Version 2 |
|---|---|
| British Airways faces record £183m fine for data breach | British Airways faces record £183m fine for data breach |
| (32 minutes later) | |
| British Airways is facing a record fine of £183m for last year's breach of its security systems. | |
| The airline, owned by IAG, says it was "surprised and disappointed" by the penalty from the Information Commissioner's Office (ICO). | The airline, owned by IAG, says it was "surprised and disappointed" by the penalty from the Information Commissioner's Office (ICO). |
| At the time, BA said hackers had carried out a "sophisticated, malicious criminal attack" on its website. | At the time, BA said hackers had carried out a "sophisticated, malicious criminal attack" on its website. |
| The ICO said it was the biggest penalty it had ever handed out and the first to be made public under new rules. | The ICO said it was the biggest penalty it had ever handed out and the first to be made public under new rules. |
| The General Data Protection Regulation (GDPR) came into force last year and was the biggest shake-up to data privacy in 20 years. | The General Data Protection Regulation (GDPR) came into force last year and was the biggest shake-up to data privacy in 20 years. |
| The penalty imposed on BA is the first one to be made public since those rules were introduced and amounts to 1.5% of its worldwide turnover in 2017, less than the possible maximum of 4%. | The penalty imposed on BA is the first one to be made public since those rules were introduced and amounts to 1.5% of its worldwide turnover in 2017, less than the possible maximum of 4%. |
| Until now, the biggest penalty was £500,000, imposed on Facebook for its role in the Cambridge Analytica data scandal. That was the maximum allowed under the old data protection rules that applied before GDPR. | Until now, the biggest penalty was £500,000, imposed on Facebook for its role in the Cambridge Analytica data scandal. That was the maximum allowed under the old data protection rules that applied before GDPR. |
| The ICO said the incident took place after users of British Airways' website were diverted to a fraudulent site. Through this false site, details of around 500,000 customers were harvested by the attackers, the ICO said. | |
| Information Commissioner Elizabeth Denham said: "People's personal data is just that - personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience. | |
| "That's why the law is clear - when you are entrusted with personal data, you must look after it. Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights." | |
| BA has 28 days to appeal. Willie Walsh, chief executive of IAG, said British Airways would be making representations to the ICO. | BA has 28 days to appeal. Willie Walsh, chief executive of IAG, said British Airways would be making representations to the ICO. |
| "We intend to take all appropriate steps to defend the airline's position vigorously, including making any necessary appeals," he said. | "We intend to take all appropriate steps to defend the airline's position vigorously, including making any necessary appeals," he said. |
| The incident was first disclosed on 6 September 2018 and BA had initially said approximately 380,000 transactions were affected, but the stolen data did not include travel or passport details. | |
| The information included names, email addresses, credit card information such as credit card numbers, expiration dates and the three-digit CVV code found on the back of credit cards, although BA has said it did not store CVV numbers. | The information included names, email addresses, credit card information such as credit card numbers, expiration dates and the three-digit CVV code found on the back of credit cards, although BA has said it did not store CVV numbers. |
| 'No evidence of fraud' | |
| The ICO said the incident was believed to have begun in June 2018. | |
| The watchdog said a variety of information was compromised by poor security arrangements at the company, including log in, payment card, and travel booking details as well name and address information. | |
| Alex Cruz, British Airways' chairman and chief executive, said: "We are surprised and disappointed in this initial finding from the ICO. | Alex Cruz, British Airways' chairman and chief executive, said: "We are surprised and disappointed in this initial finding from the ICO. |
| "British Airways responded quickly to a criminal act to steal customers' data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. | "British Airways responded quickly to a criminal act to steal customers' data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. |
| "We apologise to our customers for any inconvenience this event caused." | "We apologise to our customers for any inconvenience this event caused." |
| The watchdog said BA had co-operated and made improvements to its security arrangements. | |
| Under the regulations, authorities in the EU whose residents have been affected will also have the chance to comment on the ICO's findings. | |
| The penalty is divided up between the other European data authorities, while the money that comes to the ICO goes directly to the Treasury. | |
| It is up to individuals to claim money from BA, which provided no information on whether any compensation had been paid. | |
| Were you a victim of the data breach? How were you affected? haveyoursay@bbc.co.uk | Were you a victim of the data breach? How were you affected? haveyoursay@bbc.co.uk |
| Please include a contact number if you are willing to speak to a BBC journalist. You can also contact us in the following ways: | Please include a contact number if you are willing to speak to a BBC journalist. You can also contact us in the following ways: |
| Or please use the form below | Or please use the form below |