
British Airways Faces Record $230 million Fine Over Data Theft


British Airways-owner IAG is facing a record $230 million fine for the theft of data from 500,000 customers from its website last year under tough new data-protection rules policed by the UK’s Information Commissioner’s Office (ICO). The ICO proposed a penalty of 183.4 million pounds, or 1.5% of British Airways’ 2017 worldwide turnover, for the hack, which it said exposed poor security arrangements at the airline. BA indicated that it planned to appeal against the fine, the product of European data protection rules, called GDPR, that came into force in 2018. They allow regulators to fine companies up to 4% of their global turnover for data-protection failures. The attack involved traffic to the British Airways website being diverted to a fraudulent site, where customer details such as log in, payment card and travel booking details as well as names and addresses were harvested, the ICO said. “When an organization fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it.” - said Information Commissioner Elizabeth Denham. 


Nice. People’s personal data is just that – personal!


The point of the law is to give businesses incentive to proactively put security in place, and this "financial measure" could help.


I agree with fighting against cheaters and hackers. As a company you have a responsibility to protect your customers. Period!


That would be a record hacking fine and dwarfs the 500,000 pound maximum paid by Facebook. One word: regulation.


First of all, I'm glad this is happening. I read the whole article. In one sentence they said: "We have found no evidence of fraud/fraudulent activity on accounts linked to the theft."

So they are saying that no money has been stolen YET from the thousands of credit cards stolen?   


12 hours ago, Pavel said:

British Airways-owner IAG is facing a record $230 million fine for the theft of data from 500,000 customers from its website last year under tough new data-protection rules policed by the UK’s Information Commissioner’s Office (ICO). The ICO proposed a penalty of 183.4 million pounds, or 1.5% of British Airways’ 2017 worldwide turnover, for the hack, which it said exposed poor security arrangements at the airline. BA indicated that it planned to appeal against the fine, the product of European data protection rules, called GDPR, that came into force in 2018. They allow regulators to fine companies up to 4% of their global turnover for data-protection failures. The attack involved traffic to the British Airways website being diverted to a fraudulent site, where customer details such as log in, payment card and travel booking details as well as names and addresses were harvested, the ICO said. “When an organization fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it.” - said Information Commissioner Elizabeth Denham. 

I didn't read the article, but based on this quote I'm wondering about the part in bold. If the customers were redirected to a different site, how did that happen? I'm thinking the DNS entry was either hacked or suborned. Generally, DNS is the province of the internet provider.  I'm assuming IAG isn't in the ISP business. Therefore they should have a good case. Now however, if the IT dept was ignoring emails from the domain name registration authority or something similar, it's on them. 

Edited by Ward Smith
Stupid auto-correct


14 hours ago, Pavel said:

British Airways-owner IAG is facing a record $230 million fine for the theft of data from 500,000 customers from its website last year under tough new data-protection rules policed by the UK’s Information Commissioner’s Office (ICO). The ICO proposed a penalty of 183.4 million pounds, or 1.5% of British Airways’ 2017 worldwide turnover, for the hack, which it said exposed poor security arrangements at the airline. BA indicated that it planned to appeal against the fine, the product of European data protection rules, called GDPR, that came into force in 2018. They allow regulators to fine companies up to 4% of their global turnover for data-protection failures. The attack involved traffic to the British Airways website being diverted to a fraudulent site, where customer details such as log in, payment card and travel booking details as well as names and addresses were harvested, the ICO said. “When an organization fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it.” - said Information Commissioner Elizabeth Denham. 

It is too bad that American citizens can't get nice checks for all the data that our government has stolen from us. It continues to do so in full force. 
