BA fined £183m over computer theft of passenger data

The hack affected 380,000 payments, prompting a criminal inquiry

LONDON, UNITED KINGDOM - SEPTEMBER 27: British Airways in runway at the Heathrow Airport on 27 September 2017, in London, United Kingdom. (Photo by studioEAST/Getty Images)
Powered by automated translation

British Airways has been fined more than £183 million (Dh843.9m) after computer hackers stole the bank details from hundreds of thousands of passengers.

In a statement on Monday, the firm’s parent group, IAG, said Britain’s Information Commissioner’s Office intended to issue the airline with a penalty notice under the UK Data Protection Act, totalling £183.4m.

The cyberattack took place over 15 days last year.

British Airways notified thousands of customers last year and urged them to cancel their credit cards.

Those affected had made reward bookings with the airline between April 21 and July 28, 2018, and had used a payment card.

The hack affected 380,000 payments, prompting a criminal inquiry led by cybercrime specialist officers from the UK’s National Crime Agency.

Last year, IAG said: “While British Airways does not have conclusive evidence that the data was removed from its systems, it is taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution.”

BA’s data breach took place after the introduction of the UK’s new Data Protection Act, which includes the provisions of the European General Data Protection Regulation.

Under the new regulations, the maximum penalty for a company hit with a data breach is a fine of either £17m or 4 per cent of global turnover, whichever is greater.