BA fine for data breach in 2018 sharply reduced
BA's fine for a data breach in 2018 has been sharply reduced because of new information and worries over its impact on the struggling airline in the face of the coronavirus pandemic. The UK’s data protection regulator reduced the fine to GBP20m for a breach that exposed personal and financial data of more than 400,000 customers in 2018 from the proposed GBP183m announced last year. The Information Commissioner’s Office said the fine, although its biggest to date, had been cut as it took into account the financial damage Covid-19 had caused as part of a wider regulatory position set out in April. The lower fine, provisionally set in July 2019, will come as a relief to the airline, which had vigorously contested the scale of the original penalty. “We are pleased the ICO recognises that we have made considerable improvements to the security of our systems since the attack and that we fully co-operated with its investigation,” BA said. The ICO said that the attacker potentially accessed sensitive information of BA customers, including names, addresses, payment card numbers and CVV codes. The regulator also pointed to a number of measures that the company could have taken to reduce the risk, such as rigorous testing of its cyber-defences and multi-factor authentication. The ICO added that following the attack, BA had made “considerable improvements” to its cyber security.<br/>
https://portal.staralliance.com/cms/news/hot-topics/2020-10-19/oneworld/ba-fine-for-data-breach-in-2018-sharply-reduced
https://portal.staralliance.com/cms/logo.png
BA fine for data breach in 2018 sharply reduced
BA's fine for a data breach in 2018 has been sharply reduced because of new information and worries over its impact on the struggling airline in the face of the coronavirus pandemic. The UK’s data protection regulator reduced the fine to GBP20m for a breach that exposed personal and financial data of more than 400,000 customers in 2018 from the proposed GBP183m announced last year. The Information Commissioner’s Office said the fine, although its biggest to date, had been cut as it took into account the financial damage Covid-19 had caused as part of a wider regulatory position set out in April. The lower fine, provisionally set in July 2019, will come as a relief to the airline, which had vigorously contested the scale of the original penalty. “We are pleased the ICO recognises that we have made considerable improvements to the security of our systems since the attack and that we fully co-operated with its investigation,” BA said. The ICO said that the attacker potentially accessed sensitive information of BA customers, including names, addresses, payment card numbers and CVV codes. The regulator also pointed to a number of measures that the company could have taken to reduce the risk, such as rigorous testing of its cyber-defences and multi-factor authentication. The ICO added that following the attack, BA had made “considerable improvements” to its cyber security.<br/>
