Data leak at British Airways

Author: Mario Schmidtgen
Date: 10.07.2019

200 million euro fine

Because of a data leak, the British airline British Airways now has to pay a fine of 183.39 million British pounds, around 205 million euros. This was announced by the British data protection authority ICO (Information Commissioner’s Office). The airline can still appeal against the decision under the General Data Protection Regulation.

The background is a hacker attack in summer 2018, in which the attackers gained access to the personal data of more than 500,000 customers of the airline. A security hole in the booking system on the website made it possible to copy names, addresses, e-mail addresses, and credit card and bank details. British Airways initially estimated that 380,000 customers were affected, but this figure had to be revised upwards.

Insufficient level of security

According to the ICO, the reasons for the data theft were “weak security precautions” at the airline. “People’s personal data is exactly that: personal. If an organization doesn’t protect them from loss, damage or theft, it’s more than an inconvenience,” commented UK privacy commissioner Elizabeth Denham.

British Airways CEO Alex Cruz said he was “surprised and disappointed” by the decision of the data protection authority. The airline quickly took action against the data theft. Furthermore, there had been no fraudulent activity involving the stolen data. The head of the parent company IAG (International Airlines Group), Willie Walsh, announced that he would lodge an appeal.

A few weeks before the data scandal, British Airways had already been accused of not handling customer data with sufficient care and of selling personal data to third parties and advertising companies.