[Updated] 2018 data breach : BA fined £20 million
#1
Original Poster
Join Date: Nov 2016
Programs: BAEC Silver
Posts: 457
[Updated] 2018 data breach : BA fined £20 million
This just breaking: https://www.bbc.co.uk/news/business-48905907
Mod edit: to comply with rule 7, FT requires a summary so members can decide whether to click through to the linked article
The watchdog said a variety of information was "compromised" by poor security arrangements at the company, including log in, payment card, and travel booking details as well name and address information.
The watchdog said BA had co-operated with its investigation and made improvements to its security arrangements.
The penalty is divided up between the other European data authorities, while the money that comes to the ICO goes directly to the Treasury.
It is up to individuals to claim money from BA, which provided no information on whether any compensation had been paid.
BA has 28 days to appeal. Willie Walsh, chief executive of IAG, said British Airways would be making representations to the ICO.
Last edited by Prospero; Jul 9, 2019 at 4:09 am Reason: to comply with rule 7
#4
Join Date: Oct 2015
Location: Vale of Glamorgan
Programs: BAEC Gold
Posts: 2,991
British Airways says it's "surprised and disappointed" by the fine. Much as many of us were by the data breach and the subsequent indifference that BA showed towards the affected customers.
#7
Join Date: Dec 2014
Location: UK
Programs: BA, U2+, SK, AF/KL, IHG, Hilton, others gathering dust...
Posts: 2,552
BA fined £183m for 2018 data breach by UK ICO
https://www.bbc.co.uk/news/business-48905907
BA has been handed a record fine by the UK Information Commissioner’s Office for the 2018 data breach. Given that the previous record was £500k (according to the BBC), £183m is a huge statement.
BA/IAG has already said it will appeal, will be interesting to see what the ICO’s reasons are for the size of the fine.
Mods - I know there are existing threads on this, so feel free to merge if you don’t think this merits a separate thread.
#11
Join Date: Feb 2009
Posts: 1,060
With 45 million passengers per year, it’s only an extra £4 on every ticket. I do wonder what the point of these massive fines are when it is easy for a major company to pass the (minor) cost on to a large number of consumers. Surely better to fine board members or executives.
#13
Join Date: Oct 2015
Location: Vale of Glamorgan
Programs: BAEC Gold
Posts: 2,991
The ICO website offers further information about the fine.
The ICO’s investigation has found that a variety of information was compromised by poor security arrangements at the company, including log in, payment card, and travel booking details as well name and address information.
Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
#14
Join Date: Oct 2017
Location: London
Programs: BA Gold / OW Emerald
Posts: 753
I love how BA is trying to make us believe that a simple XSS attack is "sophisticated".
Maybe I should wear a tuxedo next time I practice my penetration testing skills. Then I'd be sophisticated.
Maybe I should wear a tuxedo next time I practice my penetration testing skills. Then I'd be sophisticated.