British Airways (BA) is to be fined a staggering £183 million for infringing the data rights of its customers.
The Information Commissioner’s Office (ICO) has issued a notice of its intention to fine BA a £183.39 million fine for breaching General Data Protection Regulation (GDPR) rules.
In September 2018 the airline said some 380,000 customers had been affected.
However, since the initial breach it emerged that a much larger number - some half a million BA customers - fell victim to data theft.
Hackers stole log in, payment card, and travel booking details as well name and address information.
The ICO has found BA at fault for the loss of information and as such has imposed the record fine – equivalent to 1.5% of the firm’s annual turnover.
Information Commissioner Elizabeth Denham comments: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience.
“That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
Responding to the intention to fine the airline, which BA's parent company International Airlines Group (IAG) is disputing, Alex Cruz, BA chairman and chief executive, comments: “We are surprised and disappointed in this initial finding from the ICO. British Airways responded quickly to a criminal act to steal customers’ data.
"We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused.”
Willie Walsh, IAG chief executive, adds: “British Airways will be making representations to the ICO in relation to the proposed fine. We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”
According to the ICO any monies recovered through fines goes directly to the Treasury for use in public expenditure.