Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > British Airways | Executive Club
Reload this Page >

[Updated] 2018 data breach : BA fined £20 million

[Updated] 2018 data breach : BA fined £20 million

Old Jul 8, 19, 1:21 am
  #1  
Original Poster
 
Join Date: Nov 2016
Programs: BAEC Gold
Posts: 321
[Updated] 2018 data breach : BA fined £20 million


Mod edit: to comply with rule 7, FT requires a summary so members can decide whether to click through to the linked article

The watchdog said a variety of information was "compromised" by poor security arrangements at the company, including log in, payment card, and travel booking details as well name and address information.
The watchdog said BA had co-operated with its investigation and made improvements to its security arrangements.
The penalty is divided up between the other European data authorities, while the money that comes to the ICO goes directly to the Treasury.
It is up to individuals to claim money from BA, which provided no information on whether any compensation had been paid.
BA has 28 days to appeal. Willie Walsh, chief executive of IAG, said British Airways would be making representations to the ICO.
dodgeflyer likes this.

Last edited by Prospero; Jul 9, 19 at 5:09 am Reason: to comply with rule 7
Starship73 is offline  
Old Jul 8, 19, 1:24 am
  #2  
 
Join Date: Nov 2010
Posts: 4,852
What will happen to Alex's bonus now?
rapidex is offline  
Old Jul 8, 19, 1:31 am
  #3  
 
Join Date: Jun 2015
Location: LHR, LGW
Programs: BAEC
Posts: 2,442
Originally Posted by rapidex View Post
What will happen to Alex's bonus now?
It will go up of course
rockflyertalk is offline  
Old Jul 8, 19, 1:31 am
  #4  
 
Join Date: Oct 2015
Location: Cardiff
Programs: BAEC Gold
Posts: 1,688
British Airways says it's "surprised and disappointed" by the fine. Much as many of us were by the data breach and the subsequent indifference that BA showed towards the affected customers.
Misco60 is offline  
Old Jul 8, 19, 1:32 am
  #5  
 
Join Date: Nov 2018
Posts: 64
Good news for the class action lawsuit?
acucobol is online now  
Old Jul 8, 19, 1:41 am
  #6  
 
Join Date: Nov 2011
Programs: BAEC
Posts: 283
Any fine will probably just be passed onto us. Probably bad news.
Wong Jnr, origin, wrp96 and 3 others like this.
u01sss3 is offline  
Old Jul 8, 19, 1:49 am
  #7  
 
Join Date: Dec 2014
Location: UK
Programs: BA, U2+, SK, AF/KL, IHG, Hilton, others gathering dust...
Posts: 2,325
BA fined £183m for 2018 data breach by UK ICO


https://www.bbc.co.uk/news/business-48905907

BA has been handed a record fine by the UK Information Commissionerís Office for the 2018 data breach. Given that the previous record was £500k (according to the BBC), £183m is a huge statement.

BA/IAG has already said it will appeal, will be interesting to see what the ICOís reasons are for the size of the fine.

Mods - I know there are existing threads on this, so feel free to merge if you donít think this merits a separate thread.
Oaxaca is offline  
Old Jul 8, 19, 1:51 am
  #8  
 
Join Date: May 2014
Posts: 2,422
...and to think Alex was saying, at staff briefings, that "we won't be fined".

Yet another stirling success of IAG's Group IT strategy.
Dover2Golf and becks1 like this.
13901 is online now  
Old Jul 8, 19, 1:52 am
  #9  
 
Join Date: May 2010
Location: UK
Programs: BAEC Bronze
Posts: 5,257
Yes, the reasons would be helpful. This does seem very large, especially if BA cooperated fully.
Flexible preferences is offline  
Old Jul 8, 19, 1:59 am
  #10  
 
Join Date: Jan 2006
Location: London
Programs: BA Gold, VS Silver, Alitalia Freccia Alta, Starwood Gold, Hilton Diamond, Accor Platinum
Posts: 398
Good. A few more of these and firms will start taking information security seriously.
colm is offline  
Old Jul 8, 19, 2:04 am
  #11  
 
Join Date: Feb 2009
Posts: 920
Originally Posted by u01sss3 View Post
Any fine will probably just be passed onto us. Probably bad news.
With 45 million passengers per year, itís only an extra £4 on every ticket. I do wonder what the point of these massive fines are when it is easy for a major company to pass the (minor) cost on to a large number of consumers. Surely better to fine board members or executives.
muscat is offline  
Old Jul 8, 19, 2:04 am
  #12  
 
Join Date: Mar 2019
Posts: 123
Who does the penalty money go to? Those affected?

I dropped out the lawsuit as I had no faith in SPG Law, I hope that isn't something I will come to regret!
Sailbot3310 is offline  
Old Jul 8, 19, 2:05 am
  #13  
 
Join Date: Oct 2015
Location: Cardiff
Programs: BAEC Gold
Posts: 1,688
The ICO website offers further information about the fine.

The ICOís investigation has found that a variety of information was compromised by poor security arrangements at the company, including log in, payment card, and travel booking details as well name and address information.

Information Commissioner Elizabeth Denham said: ďPeopleís personal data is just that Ė personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. Thatís why the law is clear Ė when you are entrusted with personal data you must look after it. Those that donít will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.Ē
wrp96 likes this.
Misco60 is offline  
Old Jul 8, 19, 2:05 am
  #14  
 
Join Date: Oct 2017
Location: London
Programs: BA Gold / OW Emerald
Posts: 731
I love how BA is trying to make us believe that a simple XSS attack is "sophisticated".

Maybe I should wear a tuxedo next time I practice my penetration testing skills. Then I'd be sophisticated.
thebigben is offline  
Old Jul 8, 19, 2:06 am
  #15  
 
Join Date: Feb 2016
Posts: 268
Will be interesting to see if this has any effect on AC's position. My only hope would be that frontline staff aren't made to bear the brunt of management mistakes.
Dover2Golf likes this.
Cw novice is offline  

Thread Tools
Search this Thread
Search Engine: