Saturday, 17 October 2020

£20 million fine British Airways over data breach - lucky to escape much bigger fine.

The UK's British Airways has been lucky to escape a massive £100+ million fine from the Information Commissioner's Office (ICO) over a massive data breach in 2018.

The ICO had previously said it would fine the bugling airline  £183 million, however because of the current situation affecting the entire airline industry, the regulator let BA off with a minor slap on the wrist and a fine of £20 million.

The breach took place in 2018, where more than 400,000 BA customers had almost all of their personal and credit card data stolen in an incident where BA's systems were totally compromised by its attackers, and then modified to harvest customers' details as they were input.

The attack lasted some two months before BA put a halt to it,  thanks only to a security researcher, who notified the airline of problem.  A subsequent investigation found the airline had insufficient security measures, such as multi-factor authentication. Such measures were available on the Microsoft operating system that BA was using at the time of the data breach.

"When organisations take poor decisions around people's personal data, that can have a real impact on people's lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security," said Information Commissioner Elizabeth Denman.

British Airways claimed it had told customers as soon as it found out about the hack,  although security advisors say there was a delay of at least two days before the breach was made public. "We are pleased the ICO recognises that we have made considerable improvements to the security of our systems since the attack and that we fully co-operated with its investigation," an airline spokesperson said.

BA can thank the current coronavirus pandemic for getting so much off the fine from the ICO, otherwise, it could have been very grave for the carrier. The office is understood to also be investigating another breach of data at the airline, however, few details have been released about this ongoing enquiry.

Recommended for you...

No comments: