British Airways Faces £Multimillion Fine

British Airways faces the threat of legal action over the unprecedented data breach that saw 380,000 passengers’ bank details stolen. The airline is already facing a fine of up to £500 million from the Information Commissioner’s Office for the breach. Under the European General Data Protection Regulation companies can be fined up to £17 million or four per cent of global turnover, whichever is bigger.

Last year BA’s total revenue was just over £12.2 billion, meaning it could face a fine of £489 million if the ICO takes action.

A law firm specialising in challenging big companies now claims that each passenger may be able to claim £1,250, potentially costing the carrier £475 million.

BA has already said it will compensate passengers for any financial loss, including money stolen from bank accounts. The airline has also pledged to pay for a 12-month credit-rating monitoring service for those affected. BA said: “The airline has guaranteed that financial losses suffered by customers directly because of the theft of this data from British Airways will be reimbursed.”

However, legal firm SPG Law said that it was seeking compensation on behalf of passengers for the “inconvenience, distress and misuse” of their private information.

The UK arm of the US giant Sanders Phillips Grossman claimed that BA should also pay for non-material damage, saying that it was a requirement under the Data Protection Act 2018 and General Data Protection Regulation (GDPR), which came into force in May.

The firm said that its US parent company had already acted against companies including Yahoo, Wendy’s, Target and Anthem over data breaches. A criminal inquiry into the incident is being led by specialist officers from the National Crime Agency. The ICO is carrying out its own investigation.

SPG Law told the newspaper that it had sent a “letter before action” to BA asking it to begin settlement discussions. The letter says that any failure to do so would be followed by an application for a group litigation order to allow the courts to manage a number of claims against the airline together. Partner Tom Goodhead reportedly said: “Unfortunately, this is the latest in a number of catastrophic failures in BA’s IT systems.

“Unlike previous failures, however, this data breach has caused serious inconvenience and distress to nearly 400,000 people. BA is liable to compensate for non-material damage under the Data Protection Act 2018 and SPG Law will hold it to account.”

BA was warned earlier this year that it was vulnerable to hackers, according to reports over the weekend.
The airline said that the breach was the result of a “very sophisticated, malicious criminal attack on our website”.
Chairman and chief executive Alex Cruz stressed that the carrier acted as quickly as it could.

“We became aware initially on that day and we began to work on it,” he said. “We discovered that something had happened, and immediately we began to work.”

He apologised for the failure, adding that BA was “100% committed” to compensating customers who had been financially affected.

BA admitted that 380,000 customers’ bank details could have been stolen from its website and app. Passengers’ data had been compromised from 10.58pm on August 21 until the breach was discovered and stopped at 9.45pm on Wednesday 5th September.

Travel Weekly

You Might Also Read: 

British Airways Data Breach:

 

« N. Korean Hacker Fingered For Wannacry Attacks
UK Victims Lose £28m To Cybercrime In 6 Months »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

SecurityHQ

SecurityHQ

SecurityHQ (formerly known as Si Consult) is a Global Managed Security Service Provider (MSSP) that monitors networks 24/7, to ensure complete visibility and protection against your cyber threats.

i-Sprint Innovations

i-Sprint Innovations

i-Sprint is a leader in Securing Identity and Transactions in the Cyber World for industries that are security sensitive.

Nameshield Group

Nameshield Group

Nameshield is one of most experienced domain name registrars, trademark protection specialists and managers of online reputational risk in the world today.

PixelPlex

PixelPlex

PixelPlex is a blockchain and custom software development company with offices and developers in New York, Geneva, and Seoul.

Finosec

Finosec

Finosec's mission is to change the way information security and cybersecurity are managed in banking.

Semmle

Semmle

Semmle's code analysis platform helps teams find zero-days and automate variant analysis. Secure your code with continuous security analysis and automated code review.

Swedish Incubators & Science Parks (SISP)

Swedish Incubators & Science Parks (SISP)

Swedish Incubators & Science Parks (SISP) is the Swedish industry association for Swedish incubators and science parks.

NetBlocks

NetBlocks

NetBlocks is a global internet monitor working at the intersection of digital rights, cyber-security and internet governance.

BigBear.ai

BigBear.ai

BigBear.ai delivers high-end analytics capabilities across the data and digital spectrum to deliver information superiority and decision support.

SK Shieldus

SK Shieldus

SK shieldus are a converged security provider with business capabilities in both cybersecurity and physical security based on Big-Tech.

HEROIC Cybersecurity

HEROIC Cybersecurity

HEROIC’s enterprise cybersecurity services help improve overall organizational security with industry best practices and advanced technology solutions.

RSK Cyber Security

RSK Cyber Security

RSK Cyber Security are a leading cyber security services company that uses services, consulting, and product knowledge to lower security risk across the board.

COPA-DATA

COPA-DATA

COPA-DATA is the only independent software manufacturer to combine in-depth experience in automation with new possibilities of digital transformation – reliable, future-proof and operating worldwide.

Acumen

Acumen

Acumen's cyber security engineers protect your critical systems, in critical moments. We are here when you need us most.

Tracer

Tracer

Tracer (formerly Appdetex) is a next-generation brand protection solution. It constantly finds, analyzes, and stops brand abuse across Web2 and Web3 digital channels.

Holiseum

Holiseum

Holiseum delivers innovative cybersecurity solutions for the critical infrastructure organizations, as well as cybersecurity services and consulting.