Today the proposed fine for British Airways was announced as £183.39 million by the ICO.
IAG, the company which owns BA, has 28 days to appeal the fine and has stated that it intends to do so.
The fine relates to the theft of customers’ personal and financial information between June and September 2018 in a hack on ba.com and the respective app, which has been described as a very sophisticated, malicious criminal attack.
This is by far the largest fine imposed by the ICO on a breach by a company since the GDPR regulations were updated in May 2018. That said, the fine is only 1.5% of BA’s global turnover, much less than the maximum possible fine of 4%. It is believed that the ICO could not take the loss of personal information of 500,000 customers lightly, but it also recognises BA’s co-operation and consequent improvements to security.
Perhaps more importantly, this is also the most public data breach case since GDPR was updated, with some news sites reporting a subsequent reduction in IAG shares following the fine announcement. The stock market often reacts to news like this and will likely stabilise quickly, but the public nature of the investigation will be taken seriously by those responsible for network security.
If you are concerned about your network security or would just like a closer look at the inner workings of your infrastructure, Prodec Networks offer a free Network Security Review to new and existing customers.