British Airways receives $20M fine for cyber-incident

Cornelia Mascio
October 18, 2020

British Airways could have taken several cheap steps to prevent the risk of such an attack, such as limiting access to applications and protecting accounts with "multi-factor authentication", officials said.

It said the carrier, which is in the throes of an existential crisis after the coronavirus pandemic decimated demand for travel, was processing a significant amount of personal data without adequate security measures in place.

The ICO finalized a fine of almost 20 million pounds ($26 million) in connection with a 2018 data breach that exposed the personal information of about 430,000 customers.

British Airways announced in July last year that the ICO was proposing to issue a fine of more than £183 million.

British Airways is being fined £20 million (close to R$145 million) for being the target of a massive data leak that affected thousands of consumers.

The ICO found that BA failed to process the personal data of its customers in a manner that ensured appropriate security, as required under Article 5(1)(f) and Article 32 of the GDPR. As the ICO points out, the airline could have applied various measures that were neither technically complex nor expensive to implement at the time, but it failed to do so. BA did not detect the hack for more than two months.

"We are pleased the ICO recognises that we have made considerable improvements to the security of our systems since the attack and that we fully co-operated with its investigation", a BA spokesman said. Thus, the firm has shown a willingness to comply with the strict regulatory context in an impressive way.

"While the size of the fine may be smaller than many people expected, the impact on the airline in terms of customer trust could have an even bigger impact than the financial cost". Sensitive information including the names, addresses, payment card numbers and CVV numbers of 244,000 customers was caught up in the data breach.

'When organisations take poor decisions around people's personal data, that can have a real impact on people's lives'.

"Usernames and passwords of BA employee and administrator accounts as well as usernames and PINs of up to 612 BA Executive Club accounts were also potentially accessed", the regulator said.

Those measures include undertaking rigorous testing on its systems and protecting accounts with multi-factor authentication.

According to information commissioner Elizabeth Denham, BA's failures of prevention and detection were deserving of the biggest financial penalty ever issued by the regulator.

"We alerted clients as quickly as we grew to become conscious of the felony assault on our programs in 2018 and are sorry we fell short of our clients' expectations", British Airways said in a statement on Friday.
