British Airways fined £183m over computer theft of passenger data

Published July 8, 2019
Fine is equivalent to 1.5 per cent of British Airways' turnover in 2017. — AFP/File
Fine is equivalent to 1.5 per cent of British Airways' turnover in 2017. — AFP/File

British Airways has been fined more than £183 million after computer hackers last year stole bank details from hundreds of thousands of passengers, its parent group IAG said on Monday.

In a statement, IAG said the United Kingdom Information Commissioner's Office intends to issue the airline with a penalty notice under the UK Data Protection Act, totalling £183.39m.

The fine is equivalent to 1.5 per cent of British Airways' turnover in 2017, IAG added.

IAG chief executive Willie Walsh said it would consider appealing the fine as it seeks “to take all appropriate steps to defend the airline's position vigorously”.

British Airways's Chief Executive Officer Alex Cruz said the airline was “surprised and disappointed” by the punishment.

“British Airways responded quickly to a criminal act to steal customers' data,” he said in the statement.

“We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused,” Cruz added.

BA had revealed the hack in September, just a few months after the European Union tightened data protection laws with the so-called General Data Protection Regulation (GDPR).

The stolen data comprised customer names, postal addresses, email addresses and credit card information.

However, the 15-day breach, which was fixed on discovery, did not involve travel or passport details.

Following disclosure of the hack, BA promised to compensate affected customers and took out full-page adverts in the UK newspapers to apologise to passengers.

It had meanwhile described the mass theft as “a very sophisticated, malicious, criminal attack on our website”.

IAG is the owner of five airlines, including also Aer Lingus, Iberia, Level and Vueling, none of which were affected by the hack.

GDPR establishes the key principle that individuals must explicitly grant permission for their data to be used.

The case for the new rules had been boosted by a scandal over the harvesting of Facebook users' data by Cambridge Analytica, a US-British political research firm, for the 2016 US presidential election.

Now you can follow Dawn Business on Twitter, LinkedIn, Instagram and Facebook for insights on business, finance and tech from Pakistan and across the world.

Opinion

Editorial

Crisis conference
Updated 04 Feb, 2023

Crisis conference

PTI's refusal to engage with the govt in such testing times will only be seen as sign of ideological bankruptcy.
Revenge politics
04 Feb, 2023

Revenge politics

A SENSE of déjà-vu prevails as cases pile up against PTI politicians, many of whom, along with their allies and...
Inappropriate remarks
04 Feb, 2023

Inappropriate remarks

OFFICIALS of the state, especially when representing the country at international forums, need to choose their words...
Delay in the offing?
Updated 03 Feb, 2023

Delay in the offing?

Govt must realise that political stability in the country cannot be achieved by extra-constitutional actions.
Divisions in PML-N
03 Feb, 2023

Divisions in PML-N

DISCORD and drama in PML-N ranks escalated this week when Shahid Khaqan Abbasi revealed he no longer holds a party...
Wikipedia ‘downgrade’
03 Feb, 2023

Wikipedia ‘downgrade’

ATTEMPTS to police the internet by states, often by giving opaque justifications for the action, are never a good...