British Airways Faces £Multimillion Fine

British Airways faces the threat of legal action over the unprecedented data breach that saw 380,000 passengers’ bank details stolen. The airline is already facing a fine of up to £500 million from the Information Commissioner’s Office for the breach. Under the European General Data Protection Regulation companies can be fined up to £17 million or four per cent of global turnover, whichever is bigger.

Last year BA’s total revenue was just over £12.2 billion, meaning it could face a fine of £489 million if the ICO takes action.

A law firm specialising in challenging big companies now claims that each passenger may be able to claim £1,250, potentially costing the carrier £475 million.

BA has already said it will compensate passengers for any financial loss, including money stolen from bank accounts. The airline has also pledged to pay for a 12-month credit-rating monitoring service for those affected. BA said: “The airline has guaranteed that financial losses suffered by customers directly because of the theft of this data from British Airways will be reimbursed.”

However, legal firm SPG Law said that it was seeking compensation on behalf of passengers for the “inconvenience, distress and misuse” of their private information.

The UK arm of the US giant Sanders Phillips Grossman claimed that BA should also pay for non-material damage, saying that it was a requirement under the Data Protection Act 2018 and General Data Protection Regulation (GDPR), which came into force in May.

The firm said that its US parent company had already acted against companies including Yahoo, Wendy’s, Target and Anthem over data breaches. A criminal inquiry into the incident is being led by specialist officers from the National Crime Agency. The ICO is carrying out its own investigation.

SPG Law told the newspaper that it had sent a “letter before action” to BA asking it to begin settlement discussions. The letter says that any failure to do so would be followed by an application for a group litigation order to allow the courts to manage a number of claims against the airline together. Partner Tom Goodhead reportedly said: “Unfortunately, this is the latest in a number of catastrophic failures in BA’s IT systems.

“Unlike previous failures, however, this data breach has caused serious inconvenience and distress to nearly 400,000 people. BA is liable to compensate for non-material damage under the Data Protection Act 2018 and SPG Law will hold it to account.”

BA was warned earlier this year that it was vulnerable to hackers, according to reports over the weekend.
The airline said that the breach was the result of a “very sophisticated, malicious criminal attack on our website”.
Chairman and chief executive Alex Cruz stressed that the carrier acted as quickly as it could.

“We became aware initially on that day and we began to work on it,” he said. “We discovered that something had happened, and immediately we began to work.”

He apologised for the failure, adding that BA was “100% committed” to compensating customers who had been financially affected.

BA admitted that 380,000 customers’ bank details could have been stolen from its website and app. Passengers’ data had been compromised from 10.58pm on August 21 until the breach was discovered and stopped at 9.45pm on Wednesday 5th September.

Travel Weekly

You Might Also Read: 

British Airways Data Breach:

 

« N. Korean Hacker Fingered For Wannacry Attacks
UK Victims Lose £28m To Cybercrime In 6 Months »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ACIS Professional Center

ACIS Professional Center

ACIS provides training and consulting services in the area of information technology, cybersecurity, IT Governance, IT Service management, information security and business continuity management.

Cyber Triage

Cyber Triage

Cyber Triage is an automated incident response software any company can use to investigate their network alerts.

Comarch

Comarch

Comarch is a provider of IT business solutions to optimize operational and business processes. Cyber security solutions are focused on Identity Management and Security Assessment services.

Lumen Technologies

Lumen Technologies

Lumen is an enterprise technology platform that enables companies to capitalize on emerging applications and power the 4th Industrial Revolution (4IR).

European Cyber Security Conference

European Cyber Security Conference

EU Cyber Security Conference will debate what Europe’s response to evolving threats in a dynamic global risk landscape should look like and what the next steps for all actors of the ecosystem.

New Enterprise Associates (NEA)

New Enterprise Associates (NEA)

As one of the world’s largest and most active venture capital firms, NEA has developed deep domain expertise and insight into our industries of focus - technology and healthcare.

RISE

RISE

RISE is an independent, State-owned research institute, which offers unique expertise and over 100 testbeds and demonstration environments for future-proof technologies, products and services.

Upfort

Upfort

Upfort (formerly Paladin Cyber) unifies award-winning security and robust cyber insurance to deliver comprehensive cyber risk solutions.

NetNordic Group

NetNordic Group

NetNordic is a Nordic system integrator focusing on solutions and services in the area of networking, smart data centers, cybersecurity, and unified communication.

Exterro

Exterro

Exterro is a leading provider of e-discovery and information governance software specifically designed for in-house legal, privacy and IT teams at Global 2000 and Am Law 200 organizations.

Cyber Security Canada

Cyber Security Canada

Cyber Security Canada is an accredited Certification Body for government-backed Cyber Security Certification Programs, designed specifically for small and medium-sized Canadian businesses.

Cynalytica

Cynalytica

Cynalytica deliver pioneering cybersecurity and machine analytics technologies that help protect critical infrastructure, securely enable Industry 4.0 and help accelerate digital transformation.

PhishFirewall

PhishFirewall

PhishFirewall is an advanced AI-driven CyberSecurity Awareness Education, Threat Emulation, and Human Security Analytics Platform.

Moore ClearComm

Moore ClearComm

Moore ClearComm is part of Moore Kingston Smith a leading UK firm of accountants and business advisers. Our services include Data Privacy, Cyber Security, Business Continuity and Information Security.

Rampart AI

Rampart AI

Tackling DevSecOps Issues In Application Security. Rampart has revolutionized the shift left security approach, applying zero-trust to application development.

Rescana

Rescana

Rescana offers a cyber risk management platform with the vision to remove the security team bottlenecks, accelerating business processes that require risk assessment.