Category Archives: British Airways

Britain’s information commissioner fines British Airways for 2018 Hack

Britain’s information commissioner has fined British Airways 20 million pounds for the 2018 hack that exposed data of 400,000 customers.

In September 2018, British Airways suffered a data breach that exposed the personal information of 400,000 customers.

The hackers potentially accessed the personal data of approximately 429,612 customers and staff. Exposed data included names, addresses, payment card numbers and CVV numbers of 244,000 BA customers.

Experts believe the hackers also accessed the combined card and CVV numbers of 77,000 customers and card numbers only for 108,000 customers.

An investigation conducted by researchers at RiskIQ revealed that the attack on the airline was carried out by the notorious crime gang MageCart.

Now Britain’s information commissioner (British ICO) has fined British Airways 20 million pounds (approximately $25 million) for failing to protect personal data belonging to its customers. This is the largest fine the British ICO has ever issued.

The ICO fined the airline because the company failed in implementing adequate security measures, the company detected the security breach to months later the initial compromise.

“People entrusted their personal details to BA and BA failed to take adequate measures to keep those details secure.” said Information Commissioner Elizabeth Denham.

“Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result. That’s why we have issued BA with a £20m fine – our biggest to date.”

“When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security.”

The ICO issued the penalty under the Data Protection Act 2018 for infringements of the GDPR.

Let’s remind that under the European Union’s General Data Protection Rules imposed in 2018, organizations face fines of up to 20 million euros ($23 million) or 4% of annual global turnover.

“The ICO has specific responsibilities set out in the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003. This penalty was issued under the Data Protection Act 2018 for infringements of the GDPR.” concludes the ICO.

Pierluigi Paganini

(SecurityAffairs – hacking, British Airways)

The post Britain’s information commissioner fines British Airways for 2018 Hack appeared first on Security Affairs.

BA fined record £20m for customer data breach

Personal details of more than 400,000 customers accessed by hackers in 2018

A £183m fine levied on British Airways for a data breach has been reduced to £20m after investigators took into account the airline’s financial plight and the circumstances of the cyber-attack.

The £20m fine is nonetheless the biggest ever issued by the Information Commissioner’s Office (ICO), following the 2018 incident in which more than 400,000 customers’ personal details were compromised by hackers.

Continue reading...