Airline Faces £800m Penalty For Customer Data Breach

Uploaded on 2021-01-16 in FREE TO VIEW, BUSINESS-Services-Transport & Travel, BUSINESS-Services-Law

British Airways (BA) has to deal with claims from a 2018 data breach which could cost more than £800 million. Over 400,000 customers had their bank credit cards and personal data stolen from BA’s website. Usernames and passwords of BA employee and administrator accounts, as well as usernames and PINs of up to 612 BA Executive Club accounts, were also potentially accessedSome passengers were diverted to a fake website, which harvested their details.

A recent High Court ruling means that customers can claim compensation against the airline and over 16,000 have started the process. If successful, the compensation per claimant would likely be around £2,000 each, meaning that if  all the people affected claim, the total penalty would be £800 million.

The UK Information Commissioner (ICO) originally planned to fine BA £183 million for the breach, the largest penalty in the watchdog’s history. This was later reduced to £20 million as the airline faced serious financial pressures during the Covid-19 pandemic. The ICO said that  BA could have taken measures to reduce the risk, such as the testing of its cyber-defenders

In a statement the airline said: "We continue to vigorously defend the litigation in respect of the claims brought arising out of the 2018 cyber-attack... We do not recognise the damages figures put forward, and they have not appeared in the claims." It is understood that BA has considerably improved its cyber security since the attack.

The BA case is the first group lawsuit of its kind to be brought under GDPR data protection rules introduced in 2018. The £800m claim would be the largest group action personal data claim in UK history in the event that all the 400,000 people affected will join the claim.

These events are a salutary reminder to all customer facing businesses that with the advent of GDPR and other more stringent data protection regulations, that they cannot afford to be complacent.

Travel Mole:       Computing:        Business Travel Magazine:      Standard:       CoastFM

You Might Also Read:

GDPR Data Breach Notifications & Fines Are Increasing:

 

« DarkMarket Taken Down
Social Media Has Been Weaponised »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

GSMA - IoT Security Guidelines

GSMA - IoT Security Guidelines

GSMA has created a set of security guidelines for the benefit of service providers who are looking to develop new IoT products and services.

Micro Focus

Micro Focus

Micro Focus is one of the world’s largest enterprise software providers. We deliver trusted and proven mission-critical software that keeps the digital world running.

NetMonastery DNIF

NetMonastery DNIF

NetMonastery is a network security company which assists enterprises in securing their network and applications by detecting threats in real time.

Securely

Securely

Securely Ltd. is an IT consulting and services firm specializing in PKI solutions and products.

Fedco International

Fedco International

Fedco International is an IT and SCADA ICS Security consultancy firm.

A-LIGN

A-LIGN

A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to mitigate cybersecurity risks.

Yaana Technologies

Yaana Technologies

Yaana is a leading provider of intelligent compliance solutions including lawful interception, data retention & disclosure, and advanced security analytics.

Infodas

Infodas

Infodas provides Cybersecurity and IT consulting / system integration services as well as a range of innovative Cybersecurity products to public sector and commercial clients.

ProCheckUp

ProCheckUp

ProCheckUp is a London-based independent provider of cyber security services, including IT Security, Assurance, Compliance and Incident Response.

Superus Careers - Cyber Career Exchange

Superus Careers - Cyber Career Exchange

The Cyber Career Exchange is a specialized recruiting platform focused specifically on cybersecurity.

Gradient Cyber

Gradient Cyber

Gradient Cyber is a trusted cybersecurity partner specializing in small businesses and mid-market enterprises concerned about cybersecurity but lacking the staff to give it the attention it deserves.

Trustifi

Trustifi

Trustifi leads the market with the easiest to use and deploy email security products, providing both inbound and outbound email security from a single vendor.

Fescaro

Fescaro

FESCARO is a trusted cybersecurity partner for global automakers and their partners, helping them transition to software-defined vehicles (SDVs) with tailored automotive software solutions.

Softanics

Softanics

Softanics’ ArmDot protects .NET apps with advanced obfuscation, control flow protection, and virtualization, securing code against reverse engineering without requiring agents or environment changes.

Frenos

Frenos

The Frenos Platform helps enterprises understand their most probable attack paths while highlighting the most effective risk mitigations to deter and defend against today’s adversaries.

Layer 8 Security

Layer 8 Security

Layer 8 Security is a cybersecurity advisory, consulting, and technical services firm that arms businesses with practical compliance, risk management, and security program strategies.