Airline Faces £800m Penalty For Customer Data Breach

British Airways (BA) has to deal with claims from a 2018 data breach which could cost more than £800 million. Over 400,000 customers had their bank credit cards and personal data stolen from BA’s website. Usernames and passwords of BA employee and administrator accounts, as well as usernames and PINs of up to 612 BA Executive Club accounts, were also potentially accessed. Some passengers were diverted to a fake website, which harvested their details.

A recent High Court ruling means that customers can claim compensation against the airline, and over 16,000 have started the process. If successful, the compensation would likely be around £2,000 per claimant, meaning that if all the people affected claim, the total penalty would be £800 million.

The UK Information Commissioner (ICO) originally planned to fine BA £183 million for the breach, the largest penalty in the watchdog’s history. This was later reduced to £20 million as the airline faced serious financial pressures during the Covid-19 pandemic. The ICO said that BA could have taken measures to reduce the risk, such as the testing of its cyber-defenders.

In a statement the airline said: "We continue to vigorously defend the litigation in respect of the claims brought arising out of the 2018 cyber-attack... We do not recognise the damages figures put forward, and they have not appeared in the claims." It is understood that BA has considerably improved its cyber security since the attack.

The BA case is the first group lawsuit of its kind to be brought under GDPR data protection rules introduced in 2018. The £800m claim would be the largest group action personal data claim in UK history if all 400,000 people affected join the claim.

These events are a salutary reminder to all customer-facing businesses that, with the advent of GDPR and other more stringent data protection regulations, they cannot afford to be complacent.

Travel Mole: Computing: Business Travel Magazine: Standard: CoastFM
