Originally Posted by
rpjs
Never mind telling BA, a Data Protection Act breach as serious as that needs to be reported to the Information Commissioner's Office.
+1 The concern that the ICO would have is whether this is a complete one-off by some BA person mistyping an email address somehow... or is a systemic problem.
