British Airways Fined $26m for a Data Breach That Affected Over 400,000 Customers
Security Breach in 2018 Included Leak of Information Such as Credit Card, Name, and Address
British Airways has reportedly been fined more than $26 million for a data breach that directly affected around 400,000 individuals. The Information Commissioner’s Office (ICO) finalized the fine two years after the data breach took place in 2018. The breach affected both the private and the credit card information of those individuals.
The $26 million fine is considerably lower than the original amount of $183 million, which the ICO initially discussed in 2019 as compensation for the personal data breach.
Security breach in British Airways
According to the ICO, the fine was reduced to take the impact of the coronavirus pandemic into account. At more than $26 million, it is still the largest penalty the Information Commissioner’s Office has issued to date.
The data breach took place when British Airways' complete system was compromised by a group of hackers, who gained sensitive information on over 400,000 customers, including credit card details. Two months later, British Airways was made aware of the data breach by a security research party and then notified the ICO.
The information obtained illegally during the data breach includes login details, payment card information and travel booking details, as well as customers' complete names and residential addresses.
The thorough investigation that followed the incident concluded that the data breach occurred because required security measures, including a multi-factor authentication procedure, were not in place.
The Information Commissioner’s Office observed that, at the time of the data breach, the security measures which British Airways was using two years ago were available for public use through the Microsoft operating system.
Penalty and correction of security protocols
After the security breach, the ICO provided a statement saying that when a public organization with access to large-scale public data records takes irresponsible decisions, it has a direct effect on the personal lives of the people involved.
The laws and regulations now provide the tools needed to encourage such businesses to make responsible and positive decisions regarding sensitive data, which includes keeping the company’s security protocols up to date to prevent a data breach in the future.
As soon as British Airways was informed of the data breach of its system, it immediately alerted all 400,000 customers to take the required action to safeguard their personal bank accounts.
After the data breach incident, British Airways said in a public statement via its spokesman that it is very satisfied that the ICO has recognized the airline's commitment, shown by changing its security protocols since the attack in 2018 to prevent any future attack on its servers. British Airways has fully co-operated with the ICO regarding the investigation and the penalty.
The data protection officer said that, given the current impact of the coronavirus pandemic and the economic recession, the $26 million amount should be considered a massive penalty for the airline for the data breach incident.
This also shows that the ICO is taking no chances and would not be willing to let any firm, even one struggling during this time, go without punishment for its failures in data protection.
British Airways faced the consequences of its irresponsible behavior two years after the incident. The airline first failed to protect itself from a cyber attack. Then the company was unable to detect the attack in time, and it was noticed by a third party only after extensive damage had been done to more than 400,000 individuals.