British Airways has been charged £20 million

21.10.2020

Back to news

British Airways have been charged £20 million instead of paying £183 million – the initial fine imposed by the Information Commissioner’s Office.

The breach which exposed personal data of about 400,000 clients in June 2018 and remained undiscovered for two months. The previous penalty was derived from a fact that the company had improper security measures in place before the privacy incident occurred. The ICO conducted an investigation and concluded that processing personal data could have been more protected and all the shortages within a system should have been detected promptly.

Among the possible measures which could have been taken by British Airways there were cyberattack simulation and multi-factor authentication suggested.

Customer log in details, payment card data and travel/booking information was compromised.

The defensive attempt of BA in court together with the pandemic force majeure impact on businesses lowered the fine down to £20 million.