My Queue

There are no Videos in your queue.

Click on the Add to next to any video to save to your queue.

There are no Articles in your queue.

Click on the Add to next to any article to save to your queue.

There are no Podcasts in your queue.

Click on the Add to next to any podcast episode to save to your queue.

You're not following any authors.

Click the Follow button on any author page to keep up with the latest content from your favorite authors.

United Kingdom

British Airways Fined $229 Million for 2018 Data Breach

The fine is the largest ICO has levied against a company, far outweighing the £500,000 Facebook had to pay for the Cambridge Analytica scandal.
British Airways Fined $229 Million for 2018 Data Breach
Image credit: via PC Mag
Guest Writer
Entrepreneur, speaker and writer.
2 min read
This story originally appeared on PCMag

The Information Commissioner's Office (ICO), a data security watchdog in the U.K., has fined British Airways £183 million (approximately $229 million) for the company's poor security practices that let hackers gather information about the names, email addresses and credit card numbers of 380,000 transactions and affected 500,000 customers.

The hack, which took place in June 2018, was conducted using the digital equivalent of a credit card skimmer -- injecting scripts that stole sensitive information from online payment forms or through compromised third-party suppliers. Security researchers at RiskIQ, which examined the attack, said that "only 22 lines of script victimized 380,000 people."

The ICO confirmed that the airline had cooperated with the investigation and made improvements to its security arrangements, however Alex Cruz, British Airways' chairman and chief executive, said the airline was "surprised and disappointed," according to the BBC.

"British Airways responded quickly to a criminal act to steal customers' data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologize to our customers for any inconvenience this event caused." The company still has 28 days to appeal the fine.

In a statement, Information Commissioner Elizabeth Denham said, "People's personal data is just that -- personal. When an organization fails to protect it from loss, damage or theft it is more than an inconvenience. That's why the law is clear -- when you are entrusted with personal data you must look after it. Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."

This is reportedly the biggest fine that the ICO has levied on a company, far outweighing the £500,000 Facebook had to pay for its role in the Cambridge Analytica scandal. This is because of the General Data Protection Regulation (GDPR), which replaced the 1998 Data Protection Act and increased the maximum fine to 4 percent of a company's turnover.

British Airways' penalty is only 1.5 percent of its 2017 turnover, so it's possible we will see larger punishments given to companies in future. The money British Airways hands over will be divided up between other European data regulators, with the money the ICO receives going directly to the U.K. government.

More from Entrepreneur

Dustin's experience and expertise can help you monetize your message, build a marketing strategy and connect with influencers.
Jumpstart Your Business. Entrepreneur Insider is your all-access pass to the skills, experts, and network you need to get your business off the ground—or take it to the next level.
Are you paying too much for business insurance? Do you have critical gaps in your coverage? Trust Entrepreneur to help you find out.

Latest on Entrepreneur