British Airways receives $20M fine for cyber-incident
The UK Information Commissioner’s Office (ICO) has fined British Airways (BA) £20 million ($25 million). The commission found the airline responsible for failing to protect over 400,000 of its customers’ personal and financial data, which was leaked during a cyber-attack incident in 2018. While significant, the financial penalty is around 25 times lower than the “worst-case” scenario.
Following a two-year investigation, the ICO found that British Airways was processing “a significant” amount of its customers’ private data without proper security measures. Had the airline identified and resolved weaknesses of its security measures, it could have prevented the 2018 cyber-attack “being carried out in this way,” the commission outlined in a statement on October 16, 2020.
British Airways cyber-attack
British Airways revealed that it had been subject to a cyber-attack on September 6, 2018.
“From 22:58 (BST) August 21, 2018, until 21:45 (BST) September 5, 2018, inclusive, the personal and financial details of customers making bookings on ba.com and the airline’s app were compromised,” the airline’s statement read.
At that time, it was estimated that hackers obtained personal data of around 380,000 BA’s customers, including names, addresses, credit card numbers, expiry dates and security codes, but not travel or passport details, as the airline stressed.
"We discovered that something had happened but we didn't know what it was [on the evening of September 5, 2018]. So overnight, teams were trying to figure out the extent of the attack,” the airline’s Chairman and Chief Executive Alex Cruz was quoted as saying by the BBC at that time. "The first thing was to find out if it was something serious and who it affected or not. The moment that actual customer data had been compromised, that's when we began immediate communication to our customers."
However, the ICO announcement indicates that the data breach actually affected around 429,612 BA’s customers and staff. Among them, there are around 244,000 people whose names, addresses, payment card numbers, and CVV numbers are believed to have been accessed by the attacker.
Historic £20M fine against BA
“Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result,” ICO investigators outlined in the statement. “That’s why we have issued BA with a £20m fine – our biggest to date.”
However, the biggest fine to date is actually not that great when taken into the account that the initial, worst-case estimation pointed to a 25 times greater sum.
After the information about the BA’s cyber-attack became public in 2018, experts counted that the airline might be subject to up to £489 million ($637 million) fine ‒ 4% of its annual global revenue in 2017.
In June 2019, ICO issued the airline with a notice of intent to fine, finally revealing the actual size of the proposed financial penalty. In reality, the authority was proposing a £183.39 million fine against the air carrier, which was equal to approximately 1.5% of BA’s revenue in 2017.
So how did the fine go from the intended £183.39 million to the actual £20 million? Well, COVID-19 happened. “As part of the regulatory process the ICO considered both representations from BA and the economic impact of COVID-19 on their business before setting a final penalty,” the authority explained in its latest statement.
British Airways flight forced to land over burning smell in cabin
A British Airways plane flying from the United Kingdom to Italy had to make an emergency landing at Heathrow airport sho...
Cathay to restructure, behead Dragon and cut 6000 jobs
Hong Kong flag carrier Cathay Pacific announced plans to discontinue Cathay Dragon regional airline and lay off 17% of t...
Lufthansa suffers €1.26 billion loss, expects more
Deutsche Lufthansa, the largest German airline, reported an operating loss of €1.26 billion in the third quarter of...
Aviation recovery in Brazil
Brazil, like Mexico, was one of the first countries to open up its airspace in South America. The state has increased ca...
China Express to expand fleet with 100 COMAC order
China Express Airlines confirmed its intentions to expand its fleet by 100 brand-new aircraft. The airline plans to acqu...