British Airways Faces £Multimillion Fine

British Airways faces the threat of legal action over the unprecedented data breach that saw 380,000 passengers’ bank details stolen. The airline is already facing a fine of up to £500 million from the Information Commissioner’s Office for the breach. Under the European General Data Protection Regulation companies can be fined up to £17 million or four per cent of global turnover, whichever is bigger.

Last year BA’s total revenue was just over £12.2 billion, meaning it could face a fine of £489 million if the ICO takes action.

A law firm specialising in challenging big companies now claims that each passenger may be able to claim £1,250, potentially costing the carrier £475 million.

BA has already said it will compensate passengers for any financial loss, including money stolen from bank accounts. The airline has also pledged to pay for a 12-month credit-rating monitoring service for those affected. BA said: “The airline has guaranteed that financial losses suffered by customers directly because of the theft of this data from British Airways will be reimbursed.”

However, legal firm SPG Law said that it was seeking compensation on behalf of passengers for the “inconvenience, distress and misuse” of their private information.

The UK arm of the US giant Sanders Phillips Grossman claimed that BA should also pay for non-material damage, saying that it was a requirement under the Data Protection Act 2018 and General Data Protection Regulation (GDPR), which came into force in May.

The firm said that its US parent company had already acted against companies including Yahoo, Wendy’s, Target and Anthem over data breaches. A criminal inquiry into the incident is being led by specialist officers from the National Crime Agency. The ICO is carrying out its own investigation.

SPG Law told the newspaper that it had sent a “letter before action” to BA asking it to begin settlement discussions. The letter says that any failure to do so would be followed by an application for a group litigation order to allow the courts to manage a number of claims against the airline together. Partner Tom Goodhead reportedly said: “Unfortunately, this is the latest in a number of catastrophic failures in BA’s IT systems.

“Unlike previous failures, however, this data breach has caused serious inconvenience and distress to nearly 400,000 people. BA is liable to compensate for non-material damage under the Data Protection Act 2018 and SPG Law will hold it to account.”

BA was warned earlier this year that it was vulnerable to hackers, according to reports over the weekend.
The airline said that the breach was the result of a “very sophisticated, malicious criminal attack on our website”.
Chairman and chief executive Alex Cruz stressed that the carrier acted as quickly as it could.

“We became aware initially on that day and we began to work on it,” he said. “We discovered that something had happened, and immediately we began to work.”

He apologised for the failure, adding that BA was “100% committed” to compensating customers who had been financially affected.

BA admitted that 380,000 customers’ bank details could have been stolen from its website and app. Passengers’ data had been compromised from 10.58pm on August 21 until the breach was discovered and stopped at 9.45pm on Wednesday 5th September.

Travel Weekly

You Might Also Read: 

British Airways Data Breach:

 

« N. Korean Hacker Fingered For Wannacry Attacks
UK Victims Lose £28m To Cybercrime In 6 Months »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NCC Group

NCC Group

NCC Group is a global cyber and software resilience business operating across multiple sectors, geographies and technologies.

Axiomatics

Axiomatics

Axiomatics provides dynamic authorization and access control solutions to protect critical data assets.

Happiest Minds Technologies

Happiest Minds Technologies

Happiest Minds offers domain centric solutions in IT Services, Product Engineering, Infrastructure Management and Security.

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

T-ISAC Japan coordinates information sharing and activities related to ISP/telecommunications network security in Japan.

National Accreditation Agency of Ukraine (NAAU)

National Accreditation Agency of Ukraine (NAAU)

NAAU is the national accreditation body for Ukraine. The directory of members provides details of organisations offering certification services for ISO 27001.

Google for Startups

Google for Startups

Google for Startups is Google’s initiative to help startups thrive across every corner of the world.

Slice

Slice

Slice offer subscription based Cyber Insurance for small businesses.

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance combines insurance expertise with cybersecurity and data talent to deliver clear, effective solutions to protect you for the cyberrisks of today—and tomorrow.

Bigbee Technology

Bigbee Technology

Bigbee Technology are an IT solutions company based in Dar es Salaam founded by a group of professionals from around the globe.

Sevco Security

Sevco Security

Sevco Delivers Real-time Asset Intelligence to Identify and Close Unknown Security Gaps.

Appsian Security

Appsian Security

Appsian provides powerful solutions that help organizations take control of their business critical data and financial transactions.

Vantage Point Security

Vantage Point Security

Vantage Point are specialists in penetration testing and application security with a focus on the industries undergoing rapid digital transformation.

Singtel Innov8

Singtel Innov8

Singtel Innov8, the venture capital arm of the Singtel Group, invests in and partners with innovative technology start-ups globally.

Trustaira

Trustaira

Trustaira is the first deep tech solution and service company in Bangladesh.

Toro Solutions

Toro Solutions

Toro provide managed security & consultancy to keep governments, businesses & society resilient in the space where cyber, physical & people security converge.

Redblock

Redblock

Redblock's mission is to eliminate the drudgery and repetitive 'eye on the glass' work done by Security Teams.