The Information Commissioner’s Office (ICO) has reduced its fine on British Airways over the airline’s data breach from the original £183 million to only £20 million due to the existing financial plight.
The settlement amount last year was also reduced following the investigators’ decision to accept the airline’s representations on the data breach incident. The UK watchdog considered British Airways’ work to address the issue, permitting a lower fine to help sustain the company’s operations.
The breach, which happened in 2018, affected 400,000 British Airways customers, exposing their personal information to hackers. Investigators noted that the airline’s insufficient security measures led to the attack.
In the words of the investigators, BA suffered a two-month cyberattack and lacked adequate security to detect and defend its systems. The ICO learned about the incident and weighed the circumstances faced by the company before finally deciding to reduce the fine.
This incident with British Airways is a major breach under the data laws, with the ICO considering heavier fines as a proportion of the company’s turnover. The ICO identified the weaknesses in the airline’s security and cited how it could better protect its data.
Out of the approximately 430,000 customers affected by the breach, only 244,000 people and employees had their full names, addresses, and payment card details exposed. However, the ICO still condemns the airline for its failure to protect its customers’ data.
“People entrusted their personal details to BA, and BA failed to take adequate measures to keep those details secure. Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result,” said the watchdog.
Meanwhile, the airline recognizes the ICO’s decision as considerate of the financial drought brought on by the ongoing pandemic.
“We are pleased the ICO recognizes that we have made considerable improvements to the security of our systems since the attack and that we fully cooperated with its investigations,” said British Airways’ spokesperson.
British Airways alerted its customers in 2018 after recognizing the data breach, then cooperated with the authorities in the investigation. The ICO deducted £150 million to put less blame on the airline and £6 million due to the company’s response to security.
As for the pandemic’s effect on the company, the ICO deducted another £4 million to ease the company’s operations in the UK. The impact of the travel ban and frequent flying has affected the company’s revenue starting in March of this year.