BA faces record £183m data breach fine
British Airways faces a fine of more than £183 million following the theft of customer data from its website last year.
The airline revealed today that it had received a penalty notice from the UK Information Commissioner’s Office (ICO) and that it plans to appeal.
The ICO has indicated that it proposes to impose a penalty of £183,390,000 – equivalent to 1.5% of BA’s worldwide turnover for the 2017 financial year.
The proposed penalty relates to a data breach disclosed on September 6 and October 25, 2018 affecting an estimated 500,000 customers.
The hack hit 380,000 direct customer transactions.
The penalty notice is to be issued under the UK Data Protection Act.
The ICO said it was the biggest penalty it had ever handed out and the first to be made public under new rules.
The General Data Protection Regulation (GDPR) came into force last year and was the biggest change to data privacy in 20 years.
BA has 18 days to appeal.
BA chairman and chief executive Alex Cruz said: “We are surprised and disappointed in this initial finding from the ICO.