British Airways faces a $230 million fine.
Andrew Hoyle/CNET
The UK’s Information Commissioner’s Office (ICO) on Monday revealed its plan to slap British Airways with a £183.4 million ($230M) fine over a 2018 data breach. Since the fine comes under General Data Protection Regulation (GDPR), it’s 1.5% of BA’s global turnover for the year.
“People’s personal data is just that — personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience,” Information Commissioner Elizabeth Denham said.
“That’s why the law is clear — when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
“We are surprised and disappointed in this initial finding from the ICO. British Airways responded quickly to a criminal act to steal customers’ data,” Alex Cruz, BAs’s chairman and chief executive, said. “We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused.”
“British Airways will be making representations to the ICO in relation to the proposed fine,” Willie Walsh, chief executive of BA parent company International Airlines Group, said.
“We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”