British Airways Fined $229 Million for 2018 Data Breach The fine is the largest ICO has levied against a company, far outweighing the £500,000 Facebook had to pay for the Cambridge Analytica scandal.

By Adam Smith

This story originally appeared on PCMag

You're reading Entrepreneur Europe, an international franchise of Entrepreneur Media.

via PC Mag

The Information Commissioner's Office (ICO), a data security watchdog in the U.K., has fined British Airways £183 million (approximately $229 million) for the company's poor security practices that let hackers gather information about the names, email addresses and credit card numbers of 380,000 transactions and affected 500,000 customers.

The hack, which took place in June 2018, was conducted using the digital equivalent of a credit card skimmer -- injecting scripts that stole sensitive information from online payment forms or through compromised third-party suppliers. Security researchers at RiskIQ, which examined the attack, said that "only 22 lines of script victimized 380,000 people."

The ICO confirmed that the airline had cooperated with the investigation and made improvements to its security arrangements, however Alex Cruz, British Airways' chairman and chief executive, said the airline was "surprised and disappointed," according to the BBC.

"British Airways responded quickly to a criminal act to steal customers' data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologize to our customers for any inconvenience this event caused." The company still has 28 days to appeal the fine.

In a statement, Information Commissioner Elizabeth Denham said, "People's personal data is just that -- personal. When an organization fails to protect it from loss, damage or theft it is more than an inconvenience. That's why the law is clear -- when you are entrusted with personal data you must look after it. Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."

This is reportedly the biggest fine that the ICO has levied on a company, far outweighing the £500,000 Facebook had to pay for its role in the Cambridge Analytica scandal. This is because of the General Data Protection Regulation (GDPR), which replaced the 1998 Data Protection Act and increased the maximum fine to 4 percent of a company's turnover.

British Airways' penalty is only 1.5 percent of its 2017 turnover, so it's possible we will see larger punishments given to companies in future. The money British Airways hands over will be divided up between other European data regulators, with the money the ICO receives going directly to the U.K. government.

Adam Smith

Contributing Editor PC Mag UK

Adam Smith is the Contributing Editor for PCMag UK, and has written about technology for a number of publications including What Hi-Fi?, Stuff, WhatCulture, and MacFormat, reviewing smartphones, speakers, projectors, and all manner of weird tech. Always online, occasionally cromulent, you can follow him on Twitter @adamndsmith.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Related Topics

Business Ideas

55 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.


As a Black Woman CEO, I Built a Remote Company Not Just to Save Money — But to Mirror My Commitment to Diversity. Here's How.

To fuel innovation and global success, you absolutely need diverse perspectives — and having team members all across the world with varying thought processes, life experiences and viewpoints is the key.

Business News

Lululemon Founder Bashes Company's 'Diversity and Inclusion', Calls Models 'Not Inspirational': 'You're Not Everything to Everybody'

Chip Wilson left the company in 2015 after controversial comments forced him to step down as CEO in 2013.

Business News

Vice Will No Longer Publish Content on Its Website, Lays Off Hundreds of Staffers

Vice Media CEO Bruce Dixon announced the news in an internal memo to employees on Thursday.