British Airways fined £183 million for data breach




British Airways faces a record fine of £183 million for last year's breach of its security systems.

The airline, owned by IAG, is "surprised and disappointed" by the sanction imposed by the Information Commissioner's Office (ICO).

At the time, BA had stated that hackers had conducted a "sophisticated and malicious criminal attack" on its website.

The ICO said it was the biggest penalty ever imposed and the first to be made public under the new rules.

What are the new rules?

The General Data Protection Regulation (GDPR) came into force last year and is the biggest shake-up of data privacy rules in the last 20 years.

The penalty imposed on BA is the first to be made public since the introduction of these rules, which require reporting of data breaches to the Information Commissioner.

It also increased the maximum penalty to 4% of turnover. BA's penalty amounts to 1.5% of its worldwide turnover in 2017, less than the maximum possible.

Up to now, the heaviest penalty was £500,000, imposed on Facebook for its role in the Cambridge Analytica data scandal. This was the maximum allowed by the old data protection rules that applied before the GDPR.

What happened?

The ICO said the incident occurred after users of the British Airways website were diverted to a fraudulent site. Through this fake site, attackers gathered information about 500,000 customers, the ICO said.

Information Commissioner Elizabeth Denham said: "The personal data of individuals are just personal data. When an organization fails to protect it from loss, damage or theft, it's more than a disadvantage.

"That's why the law is clear. When you're in charge of personal data, you have to take care of it. Persons who do not do this will undergo careful scrutiny from my office to verify that they have taken appropriate measures to protect the fundamental rights to privacy."


The incident was first revealed on September 6, 2018, and BA had initially indicated that about 380,000 transactions had been affected, but that the stolen data did not include travel or passport details.

What information was stolen?

The ICO said the incident is believed to have started in June 2018.

The watchdog said that a variety of information was "compromised" by poor security arrangements within the company, including login, payment card and travel booking details, as well as name and address information.

BA initially stated that this information included names, e-mail addresses and credit card information, such as credit card numbers, expiry dates and the three-digit CVV code on the back of credit cards, although BA stated that it did not store CVV numbers.

The watchdog stated that BA had cooperated with its investigation and had improved its security arrangements.

What happens next?

BA has 28 days to appeal. Willie Walsh, Executive Director of IAG, said that British Airways would make representations to the ICO.

"We intend to take all appropriate measures to vigorously defend the airline's position, including making the necessary appeals," he said.

Alex Cruz, President and CEO of British Airways, said the airline was "surprised and disappointed" by the initial conclusion of the ICO.

"British Airways reacted quickly to a criminal act aimed at stealing customer data, and we found no evidence of fraud / fraudulent activity on accounts related to theft.

"We apologize to our customers for the inconvenience caused by this event."

Where is the money going?

The penalty is distributed among the other European data authorities, while the money paid to the ICO goes directly to the Treasury.

It is up to individuals to claim money from BA, which has not provided any information as to whether compensation has been paid.

Under the regulations, EU authorities whose residents have been affected will also have the opportunity to comment on the findings of the ICO.

