British Airways faces fine after hacking and data breach

Published on: 12 Jul 2019

British Airways is facing a record fine from the Information Commissioner's Office (ICO) after a cyber attack last year led to the details of more than half a million customers being compromised.

In September 2018, BA admitted it had fallen victim to a "sophisticated, malicious criminal attack" on its website during which users were diverted to a fraudulent site.

Their log-ins, payment cards, travel booking details, names, addresses and even the three-digit CVV code found on the back of credit cards was then harvested by the perpetrators.

Some 500,000 people were affected, but BA has insisted the stolen data did notinclude passport details.

Following an investigation, the ICO criticised BA's poor security arrangements and handed down a fine of £183 million.

This is the biggest penalty imposed since the General Data Protection Regulation (GDPR) came into force last year as part of the biggest alteration to privacy in 20 years.

Information Commissioner Elizabeth Denham said: "The law is clear - when you are entrusted with personal data, you must look after it."