British Airways faces hefty fine over data breach

Photo Credit: Vytautas Kielaitis/Shutterstock

The Information Commissioner's Office (ICO) of the U.K. has proposed a fine of 183.4 million British pounds ($229 million) against British Airways for a data breach that impacted approximately 500,000 customers last year. 

The fine would be levied for infringements of the European Union's General Data Protection Regulation. 

The proposed penalty relates to a data breach, believed to have lasted from June to September of last year, in which user traffic to the British Airways website was diverted to a fraudulent site. The ICO said that after an extensive investigation, it found that poor security arrangements at the airline led to customers having their names, addresses, travel booking details, payment card information and log-ins compromised.

"People's personal data is just that -- personal," U.K. information commissioner Elizabeth Denham said in a prepared statement Monday. "When an organization fails to protect it from loss, damage or theft, it is more than an inconvenience. That's why the law is clear -- when you are entrusted with personal data, you must look after it. Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."

The airline told the BBC that it is "surprised and disappointed" by the proposed fine. The ICO said that the airline has made improvements to its security arrangements since the breach was discovered last year. A British Airways spokesman didn't immediately respond to a Travel Weekly email seeking comment.

British Airways will have an opportunity to respond to the fine proposal before the ICO makes a final decision. The airline is owned by International Airlines Group, which also owns Iberia, Vueling, Aer Lingus and Level.
