British Airways Faces Multimillion-Pound Fine

British Airways faces the threat of legal action over the unprecedented data breach that saw 380,000 passengers’ bank details stolen. The airline is already facing a fine of up to £500 million from the Information Commissioner’s Office for the breach. Under the European General Data Protection Regulation companies can be fined up to £17 million or four per cent of global turnover, whichever is bigger.

Last year BA’s total revenue was just over £12.2 billion, meaning it could face a fine of £489 million if the ICO takes action.

A law firm specialising in challenging big companies now claims that each passenger may be able to claim £1,250, potentially costing the carrier £475 million.

BA has already said it will compensate passengers for any financial loss, including money stolen from bank accounts. The airline has also pledged to pay for a 12-month credit-rating monitoring service for those affected. BA said: “The airline has guaranteed that financial losses suffered by customers directly because of the theft of this data from British Airways will be reimbursed.”

However, legal firm SPG Law said that it was seeking compensation on behalf of passengers for the “inconvenience, distress and misuse” of their private information.

The UK arm of the US giant Sanders Phillips Grossman claimed that BA should also pay for non-material damage, saying that it was a requirement under the Data Protection Act 2018 and General Data Protection Regulation (GDPR), which came into force in May.

The firm said that its US parent company had already acted against companies including Yahoo, Wendy’s, Target and Anthem over data breaches. A criminal inquiry into the incident is being led by specialist officers from the National Crime Agency. The ICO is carrying out its own investigation.

SPG Law told the newspaper that it had sent a “letter before action” to BA asking it to begin settlement discussions. The letter says that any failure to do so would be followed by an application for a group litigation order to allow the courts to manage a number of claims against the airline together. Partner Tom Goodhead reportedly said: “Unfortunately, this is the latest in a number of catastrophic failures in BA’s IT systems.

“Unlike previous failures, however, this data breach has caused serious inconvenience and distress to nearly 400,000 people. BA is liable to compensate for non-material damage under the Data Protection Act 2018 and SPG Law will hold it to account.”

BA was warned earlier this year that it was vulnerable to hackers, according to reports over the weekend. The airline said that the breach was the result of a “very sophisticated, malicious criminal attack on our website”. Chairman and chief executive Alex Cruz stressed that the carrier acted as quickly as it could.

“We became aware initially on that day and we began to work on it,” he said. “We discovered that something had happened, and immediately we began to work.”

He apologised for the failure, adding that BA was “100% committed” to compensating customers who had been financially affected.

BA admitted that 380,000 customers’ bank details could have been stolen from its website and app. Passengers’ data had been compromised from 10.58pm on August 21 until the breach was discovered and stopped at 9.45pm on Wednesday 5th September.

Travel Weekly
