British Airways To Be Fined Nearly Rs 15.6 Billion For 2018 Data Breach

With an aim to protect personal data, UK’s Information Commissioner's Office (ICO) has released a new data security law. Under this law, British Airways’ parent company International Airlines Group (IAG) is liable to a fine of Rs 16 billion for its data breach last year. This data theft had affected approximately 500,000 customers visiting its website and booking tickets online.

General Data Protection Regulation

As a result of the General Data Protection Regulation (GDPR), the ICO has levied a fine of Rs 15.6 billion on British Airways for its poor security management that led to a serious data breach. The amount of penalty is equal to 1.5 percent of the airline's global turnover in 2017.

On the other hand, British Airways announced that it intended to lodge an appeal against the penalty. According to GDPR, regulators have the right to impose a fine on companies, which can account for 4 percent maximum of the firms' worldwide turnover for their failure to protect customers' data.

Threats To Customers' Personal Information

British Airways' poor security had given hackers an opportunity to divert its website traffic to a fake site. The ICO mentioned that when accessing this website, customers would have their personal information such as names, addresses, booking details, login information, and payment card details exposed. Elizabeth Denham, the information commissioner said: 

Alex Cruz, the chairman, and chief executive of British Airways said in a statement.

Willie Walsh, IAG Chief Executive, said that the firm would have an opportunity to make representations to the ICO as to the proposed findings and sanction. Walsh said:

Since the data breach, IAG shares have fallen 0.8 percent from 453.3 to 452.7 pence at 0810 GMT.

Gerald Khoo, Transport Analyst at Liberum Capital Limited stated that the proposed penalties worth approximately 9 pence per IAG share. Khoo said:

Until now, the largest fine is nearly Rs 42.7 million that was imposed on Facebook in 2018 for its data scandal Cambridge Analytica. According to the ICO, under the GDPR, the fine would have been surely higher.