British Airways (BA) must pay a US$25.8 million fine for lacking the proper security measures that might have prevented a hacker in 2018 from exposing the financial details of more than 400,000 customers, the UK’s Information Commissioner’s Office (ICO) announced on Friday, October 16.
“People entrusted their personal details to BA and BA failed to take adequate measures to keep those details secure,” said Information Commissioner Elizabeth Denham. “Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result.”
The ICO’s investigation revealed that the airline broke data protection laws by lacking sufficient security measures when processing customers’ personal information.
The cyberattack went unnoticed for over two months and was ultimately brought to the airline’s attention by a third party, TechCrunch reported.
“We alerted customers as soon as we became aware of the criminal attack on our systems in 2018, and are sorry we fell short of our customers’ expectations,” a BA spokesperson told TechCrunch. “We are pleased the ICO recognizes that we have made considerable improvements to the security of our systems since the attack and that we fully cooperated with its investigation.”
Want more news? Subscribe to CPI’s free daily newsletter for more headlines and updates on antitrust developments around the world.