British Airways has been fined £20 million by the Information Commissioner’s Office (ICO) after a data breach in 2018 which involved over 400,000 customers. During the breach, bank card information, addresses, names and other sensitive data were stolen by cyber criminals.
Given the extent of the breach, which the ICO confirmed “included names, addresses, payment card numbers and CVV numbers of 244,000 BA customers.
“When an organization fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear. When you are entrusted with personal data you must look after it, said ICO official.
After initially fining the airline a whopping £ 183.9 million in 2019, the ICO downgraded the penalty partially due to the ongoing economic impact of the COVID crisis. The £20 million penalty represents the largest fine levied by the ICO to date, but is significantly lighter than the original judgment in 2019.