Airline Faces £800m Penalty For Customer Data Breach

Uploaded on 2021-01-16 in FREE TO VIEW, BUSINESS-Services-Transport & Travel, BUSINESS-Services-Law

British Airways (BA) has to deal with claims from a 2018 data breach which could cost more than £800 million. Over 400,000 customers had their bank credit cards and personal data stolen from BA’s website. Usernames and passwords of BA employee and administrator accounts, as well as usernames and PINs of up to 612 BA Executive Club accounts, were also potentially accessedSome passengers were diverted to a fake website, which harvested their details.

A recent High Court ruling means that customers can claim compensation against the airline and over 16,000 have started the process. If successful, the compensation per claimant would likely be around £2,000 each, meaning that if  all the people affected claim, the total penalty would be £800 million.

The UK Information Commissioner (ICO) originally planned to fine BA £183 million for the breach, the largest penalty in the watchdog’s history. This was later reduced to £20 million as the airline faced serious financial pressures during the Covid-19 pandemic. The ICO said that  BA could have taken measures to reduce the risk, such as the testing of its cyber-defenders

In a statement the airline said: "We continue to vigorously defend the litigation in respect of the claims brought arising out of the 2018 cyber-attack... We do not recognise the damages figures put forward, and they have not appeared in the claims." It is understood that BA has considerably improved its cyber security since the attack.

The BA case is the first group lawsuit of its kind to be brought under GDPR data protection rules introduced in 2018. The £800m claim would be the largest group action personal data claim in UK history in the event that all the 400,000 people affected will join the claim.

These events are a salutary reminder to all customer facing businesses that with the advent of GDPR and other more stringent data protection regulations, that they cannot afford to be complacent.

Travel Mole:       Computing:        Business Travel Magazine:      Standard:       CoastFM

You Might Also Read:

GDPR Data Breach Notifications & Fines Are Increasing:

 

« DarkMarket Taken Down
Social Media Has Been Weaponised »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyberis

Cyberis

Cyberis are pioneers in customer-focussed information security. Since 2011, we’ve been helping businesses protect their brands, customers and reputation.

iStorage

iStorage

iStorage is the leading global provider of PIN Activated, hardware encrypted, portable data storage solutions.

XenArmor

XenArmor

XenArmor products include NetCertScanner, an enterprise software to scan & manage expired SSL Certificates on your local network or internet.

European Organisation for Security (EOS)

European Organisation for Security (EOS)

EOS represents all domains of security solutions and services.providers including ICT information and communications technologies.

Guidewire

Guidewire

Guidewire Cyence™ Risk Analytics is a cloud-native economic cyber risk modeling solution built to help the insurance industry quantify cyber risk exposures.

Egis Technology

Egis Technology

Egis specializes in the IC design, research and development, and the testing and sales of capacitive fingerprint sensor.

NESECO

NESECO

NESECO is an IT security integration and consulting firm providing security products, solutions, support, consulting, and training services.

Brighter AI

Brighter AI

Brighter AI empowers companies to use publicly-recorded camera data for analytics & AI while being compliant with increasing data privacy regulations worldwide.

S2T

S2T

S2T builds cyber intelligence solutions based on deep expertise in diverse domains such as intelligence, machine learning and AI, big data processing, statistics and linguistics.

Utility Cyber Security Forum

Utility Cyber Security Forum

The Utility Cyber Security Forum offers a focused venue in which utility executives can network one-on-one with colleagues facing issues in protecting against cyber attacks.

Rezilion

Rezilion

Rezilion is a stealth mode cyber-security start-up developing a cutting edge technology that makes cloud environments self-protecting and resilient to cyber-attacks.

Gigit

Gigit

Gigit’s Service portfolio focuses on your business’ needs and the integration of comprehensive cybersecurity policies, plans, procedures, and practices into your business culture and operations.

Aeries Technology

Aeries Technology

Aeries is a technology services organization offering capabilities in Technology Services, Digital Transformation, and Business Process Management.

Cranium

Cranium

AI is being implemented into every business process, but nobody knows whether their AI is secure. Our mission is to deliver security and trust to the AI revolution.

Lintu Solutions

Lintu Solutions

Lintu Solutions is a trusted provider of comprehensive cybersecurity and enterprise risk management solutions.

C3iHub

C3iHub

C3iHub was set up to drive technology and skills development on Cyber-Physical Systems (CPS) and associated Cybersecurity technologies.