BA fined R3,2bn over computer theft of passenger data

File: British Airways passenger aircraft are pictured at London Heathrow Airport, west of London on May 3, 2019. The British flag carrier said it would not operate its aircraft in Cairo unless it felt it was safe to do so.

AFP

LONDON - British Airways has been fined more than £183-million (about R3.2-billion) after computer hackers last year stole bank details from hundreds of thousands of passengers, its parent group IAG said Monday.

In a statement, IAG said the UK Information Commissioner’s Office intends to issue the airline with a penalty notice under the UK Data Protection Act, totalling £183.39-million.

The fine is equivalent to 7% percent of British Airways' turnover in 2017, IAG added.

IAG chief executive Willie Walsh said it would consider appealing the fine as it seeks "to take all appropriate steps to defend the airline's position vigorously".

BA's CEO Alex Cruz said the airline was "surprised and disappointed" by the punishment.

"British Airways responded quickly to a criminal act to steal customers' data," he said in the statement.

READ: British Airways investigating data breach from 380,000 card payments

"We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused," Cruz added.

BA had revealed the hack in September, just a few months after the European Union tightened data protection laws with the so-called General Data Protection Regulation (GDPR).

The stolen data comprised customer names, postal addresses, email addresses and credit card information. 

However, the 15-day breach, which was fixed on discovery, did not involve travel or passport details.

Following the disclosure of the hack, BA promised to compensate affected customers and took out full-page adverts in the UK newspapers to apologise to passengers.

It had meanwhile described the mass theft as "a very sophisticated, malicious, criminal attack on our website".

Source
AFP