British Airways faces a £183million fine after the personal details of more than 380,000 customers may have been stolen when hackers attacked the airline’s website last year
British Airways was today told it will have to pay a £183million fine for a data breach that saw card details of more than 380,000 customers stolen from its website and app.
The Information Commissioner’s Office has imposed the huge cash penalty on the airline after one of the most serious cyber attacks to hit a UK history last year.
BA called in the police in September 5 2018 after a cyber attack was detected by staff – 16 days after it started on August 21.
During the data breach tens of thousands of customers had their name, billing address, email address, card payment information – including card number, expiry date and their CVV security code – potentially compromised.
Hundreds of thousands more had their personal details taken without their CVV code captured, it was said.
British Airways chairman Alex Cruz said today the airline was ‘disappointed’ by the initial finding – despite initial warnings the fine could be up to £500million.
He said: ‘British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused.’
Willie Walsh, chief executive of BA’s owner International Airlines Group (IAG), said the airline would make ‘any necessary appeals’ against the penalty.
The data breach affected 380,000 customers who booked flights online or via the BA app between April 21 and July 28, 2018, and who used a payment card.
BA has insisted it had told customers about the security breach as soon as it could.
But the cyber failure is a massive blow to the airline’s once-renowned reputation for customer service with some victims vowing never to use them again.
The stolen data did not include passport details but did include ‘personal information, the airline said.
BA said it had received no reports from customers who had had money fraudulently taken out of their account.
The airline then took out full-page advertisements in national newspapers, including the Daily Mail, apologising to customers.