Airline Faces £800m Penalty For Customer Data Breach

British Airways (BA) has to deal with claims from a 2018 data breach which could cost more than £800 million. Over 400,000 customers had their bank credit cards and personal data stolen from BA’s website. Usernames and passwords of BA employee and administrator accounts, as well as usernames and PINs of up to 612 BA Executive Club accounts, were also potentially accessedSome passengers were diverted to a fake website, which harvested their details.

A recent High Court ruling means that customers can claim compensation against the airline and over 16,000 have started the process. If successful, the compensation per claimant would likely be around £2,000 each, meaning that if  all the people affected claim, the total penalty would be £800 million.

The UK Information Commissioner (ICO) originally planned to fine BA £183 million for the breach, the largest penalty in the watchdog’s history. This was later reduced to £20 million as the airline faced serious financial pressures during the Covid-19 pandemic. The ICO said that  BA could have taken measures to reduce the risk, such as the testing of its cyber-defenders

In a statement the airline said: "We continue to vigorously defend the litigation in respect of the claims brought arising out of the 2018 cyber-attack... We do not recognise the damages figures put forward, and they have not appeared in the claims." It is understood that BA has considerably improved its cyber security since the attack.

The BA case is the first group lawsuit of its kind to be brought under GDPR data protection rules introduced in 2018. The £800m claim would be the largest group action personal data claim in UK history in the event that all the 400,000 people affected will join the claim.

These events are a salutary reminder to all customer facing businesses that with the advent of GDPR and other more stringent data protection regulations, that they cannot afford to be complacent.

Travel Mole:       Computing:        Business Travel Magazine:      Standard:       CoastFM

You Might Also Read:

GDPR Data Breach Notifications & Fines Are Increasing:

 

« DarkMarket Taken Down
Social Media Has Been Weaponised »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Montash

Montash

Montash is an award winning, global technology recruitment business, specialising in the acquisitions of high-performing talent across a number of core disciplines including Information Security.

Security IT Summit

Security IT Summit

The Security IT Summit is a unique one-day event which allows senior IT & Cyber security professionals to meet with innovative and competitive suppliers to the industry.

Cyber Fusion Center - Maryville University

Cyber Fusion Center - Maryville University

Maryville University Cyber Fusion Center is a virtual lab for working on real-world cyber security challenges.

CTR Secure Services

CTR Secure Services

CTR Secure Services provides a broad range of security consulting services from asset protection to cyber security.

Cisco Talos

Cisco Talos

Talos is an industry-leading threat intelligence solution that protects your organization’s people, data and infrastructure from active adversaries.

CyberOwl

CyberOwl

CyberOwl's early warning system uses a probabilistic framework to systematically aggregate uncertain and disparate security events to provide real-time visibility of threats to every asset.

RIPS Technologies

RIPS Technologies

RIPS Technologies delivers automated security analysis for PHP applications as platform independent software or highly scalable cloud service.

Securicon

Securicon

Securicon provides expert consulting for application, system and network security.

BankVault

BankVault

BankVault is a new type of cyber technology (called remote isolation) which sidesteps your local machine and any possible malware.

Sandstone

Sandstone

Sandstone is a strategic intelligence firm providing compliance and integrity investigation, risk advisory assessment, enhanced due diligence, information security advice and litigation support.

ThirdWatch

ThirdWatch

ThirdWatch is a Data Science company with real-time automated fraud prevention solutions.

Brighter AI

Brighter AI

Brighter AI empowers companies to use publicly-recorded camera data for analytics & AI while being compliant with increasing data privacy regulations worldwide.

Ashley Page

Ashley Page

Ashley Page offer a unique cyber insurance and risk management solution - Cyber+Insure.

Celerium

Celerium

Celerium transforms cyber defense for both companies and industry sectors by leveraging cyber threat intelligence to defend against cyber threats and attacks.

CerraCap Ventures

CerraCap Ventures

CerraCap Ventures invest globally into early-stage B2B companies in Healthcare, Enterprise AI and Cyber Security.

SpireTec Solutions

SpireTec Solutions

SpireTec Solutions is an IT management training company offering 1500+ courses with state of art training facilities backed by a team of industry experts in various domains including cybersecurity.