16.11.2020.

ICO fines British Airways £20m for data breach affecting more than 400,000 customers

British Airways has been fined £20m ($26m) by the Information Commissioner’s Office (ICO) for a data breach which affected more than 400,000 customers. The breach took place in 2018 and affected both personal and credit card data.

The fine is considerably smaller than the £183m that the ICO originally said it intended to issue back in 2019. The ICO said “the economic impact of Covid-19” had been taken into account. However, it is still the largest penalty issued by the ICO to date.

The incident took place when British Airways’s systems were compromised by attackers and then modified to harvest customers’ details as they were entered. It was two months before British Airways was made aware of it by a security researcher, and it then notified the ICO. The data stolen included login, payment card and travel booking details as well as name and address information.

British Airways said it had alerted customers as soon as it had found out about the attack on its systems. According to the investigation, British Airways could have taken numerous measures, including rigorous testing of the business’s systems in the form of a simulated cyberattack; protecting employee and third-party accounts with multi-factor authentication; and limiting access to applications, data and tools to only what is required to fulfil a user’s role. However, the investigation noted that the carrier has made considerable improvements to its IT security since the attack.

Source: www.ico.org.uk