British Airways slapped with UK data watchdog's biggest-ever fine

[snoop1130]

British Airways slapped with UK data watchdog's biggest-ever fine

By Muvija M

 

FILE PHOTO: People board a British Airways airplane, as Croatia struggles with more cases of coronavirus disease (COVID-19), at the airport in Split, Croatia August 20, 2020. REUTERS/Antonio Bronic

 

(Reuters) - Britain's data protection watchdog said on Friday it has fined British Airways 20 million pounds - its biggest such penalty to date - for failing to protect data that left more than 400,000 of its customers' details the subject of a 2018 cyber attack.

 

The Information Commissioner's Office (ICO) said its investigators found BA should have identified weaknesses in its security and resolved them with measures available at the time, which would have prevented the data breach.

 

"Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result," the ICO said.

 

BA said in a statement that it had alerted customers as soon as it became aware of the attack.

 

The penalty was considerably less than the 183.4 million pounds the ICO proposed last year - in part reflecting the crisis the airline industry is now facing due to COVID-19.

 

Still, shares in BA's Anglo-Spanish parent IAG slid to session lows following the announcement. By 0917 GMT, they were 3% lower at 93.2 pence.

 

On Monday, IAG announced it was replacing BA's chief executive Alex Cruz with Aer Lingus boss Sean Doyle with immediate effect.

 

'SEVERE FAILING'

 

Announcing the penalty, the regulator said its investigators found that BA did not detect the attack on June 22, 2018 - but was alerted by a third party more than two months later, on Sept. 5.

 

The ICO added that it was not clear whether or when the company would have identified the attack itself.

 

"This was considered to be a severe failing because of the number of people affected and because any potential financial harm could have been more significant," it said.

 

Explaining why the final penalty was substantially lower than first suggested, the regulator said it considered representations from BA and the economic impact of the coronavirus pandemic, which has upended the travel industry.

 

"We are pleased the ICO recognises that we have made considerable improvements to the security of our systems since the attack and that we fully co-operated with its investigation," BA said in a statement.

 

Other major cyber incidents in the recent past include another London-listed airline, easyJet, which earlier this year said hackers had accessed the email and travel details of around 9 million customers.

 

U.S. hotel operator Marriott International in March suffered its second data incident in less than two years, with information of about 5.2 million its hotel guests suffering a breach.

 

-- © Copyright Reuters 2020-10-16

 

- Whatever you're going through, the Samaritans are here for you

- Follow Thaivisa on LINE for breaking COVID-19 updates

[from the home of CC]

 someone on the inside probably sold that data with the reported cyber attack a ruse..

[owl sees all]

The Russians; again? Or the Chinese? Could it be the Nigerians?

 

They need Baidu anti-virus.

 

I'm not keen on anything with British as its first word British Airways, British telecom, BBC etc.

 

 

[RayC]

Just what they need in the current environment!

[car720]

Sounds like an old money grab to me.

[animalmagic]

The same BA that threatens to sanction or expel frequent flyers from their membership group if they air criticism of BA.

 

https://www.thetimes.co.uk/article/ba-threat-to-frequent-flyers-who-air-criticism-jpp3xn3gs

[SomchaiCNX]

 Britain's data protection watchdog is fining the victim of an attack ?

 

Why they are not looking for the attackers instead and fine +jail them.

 

Oh yes you can not put the russian or Chinese government in jail. Remember these bullies have also a Vete right in the UN.

 

Fine the rape victim because she did not use a condom to protect herself,

[Sujo]

2 hours ago, SomchaiCNX said:

 Britain's data protection watchdog is fining the victim of an attack ?

 

Why they are not looking for the attackers instead and fine +jail them.

 

Oh yes you can not put the russian or Chinese government in jail. Remember these bullies have also a Vete right in the UN.

 

Fine the rape victim because she did not use a condom to protect herself,

Because its the british watchdog for company security. BA was negligent with its security.

 

A different agency will investigate the hacking.

[Baerboxer]

22 hours ago, owl sees all said:

The Russians; again? Or the Chinese? Could it be the Nigerians?

 

They need Baidu anti-virus.

 

I'm not keen on anything with British as its first word British Airways, British telecom, BBC etc.

 

 

 

Getting a bit like those who include "Democrat, Democratic, People's " etc in their title. There to influence any daft enough to believe it add integrity.

[SomchaiCNX]

23 hours ago, Sujo said:

Because its the british watchdog for company security. BA was negligent with its security.

 

A different agency will investigate the hacking.

Divide and conquer, government officials have different agency for everything. They are like communist minded people hired by the state and paid for by the people

[FritsSikkink]

On ‎10‎/‎17‎/‎2020 at 8:30 AM, car720 said:

Sounds like an old money grab to me.

No, a good warning to keep your customers private information secure.

[FritsSikkink]

On ‎10‎/‎16‎/‎2020 at 5:49 PM, from the home of CC said:

 someone on the inside probably sold that data with the reported cyber attack a ruse..

Doesn't work like that.

[FritsSikkink]

On ‎10‎/‎17‎/‎2020 at 9:22 AM, SomchaiCNX said:

 Britain's data protection watchdog is fining the victim of an attack ?

 

Why they are not looking for the attackers instead and fine +jail them.

 

Oh yes you can not put the russian or Chinese government in jail. Remember these bullies have also a Vete right in the UN.

 

Fine the rape victim because she did not use a condom to protect herself,

Absolute rubbish, more like the bank left your safe deposit box open and your valuables are gone (for the 3rd time as this isn't the first case they fckd up).

Edited October 18, 2020 by FritsSikkink

[car720]

17 minutes ago, FritsSikkink said:

No, a good warning to keep your customers private information secure.

Apart from bank passwords just what exactly is this private information that everyone keeps yelling about.  Maybe this secrecy is why nobody has friends anymore.

[curious297]

On 10/16/2020 at 5:41 PM, snoop1130 said:

"Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result," the ICO said.

So who get's a share of the 20 Million penalty as it won't be these guys!! Ever wonder where this money goes, how it us used because God knows the people will pay more taxes next year!

[tifino]

On 10/16/2020 at 9:41 PM, snoop1130 said:

(Reuters) - Britain's data protection watchdog said on Friday it has fined British Airways 20 million pounds - its biggest such penalty to date - for failing to protect data that left more than 400,000 of its customers' details the subject of a 2018 cyber attack.

 okay well lets see the same law enforcers inflict the same punishments upon those whose 'chose' to fail to protect the population, by concealing the creation and release of the CCP Virus 

 

[Susco]

On 10/16/2020 at 5:41 PM, snoop1130 said:

Britain's data protection watchdog said on Friday it has fined British Airways 20 million pounds - its biggest such penalty to date - for failing to protect data that left more than 400,000 of its customers' details the subject of a 2018 cyber attack.

That's nice.............and how get those 400.000 who's details were hacked get compensated?

[Oliver Holzerfilled]

1 hour ago, car720 said:

Apart from bank passwords just what exactly is this private information that everyone keeps yelling about.  Maybe this secrecy is why nobody has friends anymore.

Stored credit card, address, phone number and passport information.  I've joined a class action lawsuit.  Suspect the lawyers will end up with it all but the point is to make it too expensive to keep ignoring data security.

[Oliver Holzerfilled]

50 minutes ago, Susco said:

That's nice.............and how get those 400.000 who's details were hacked get compensated?

Sue them.

[thaibeachlovers]

Haven't flown BA since early 90s as not impressed at all. IMO THAI is superior and that's saying something.

Over the years with the way they treat customers seems I made the right choice.

Perhaps this fine will put a stake through its heart.

[FritsSikkink]

2 hours ago, car720 said:

Apart from bank passwords just what exactly is this private information that everyone keeps yelling about.  Maybe this secrecy is why nobody has friends anymore.

"Details accessed included payment information from those using the British Airways website and mobile app to make bookings, along with names, addresses and passwords. "   No secrecy: https://www.forbes.com/sites/carlypage/2020/10/16/ico-hits-british-airways-with-record-breaking-fine-for-2018-data-breach/#2161a536481a

 

[car720]

On 10/18/2020 at 4:23 PM, Oliver Holzerfilled said:

Stored credit card, address, phone number and passport information.  I've joined a class action lawsuit.  Suspect the lawyers will end up with it all but the point is to make it too expensive to keep ignoring data security.

Interesting as by law they have to pass most of that to immigration anyway.

[elliss]

On 10/16/2020 at 7:03 PM, RayC said:

Just what they need in the current environment!

 

 Sound's like , game set and match .

Another nail in the UK  coffin ..