We will use your email address only for sending you newsletters. Please see our Privacy Notice for details of your data protection rights.
Investigators from the ICO found the airline should have identified the security weaknesses which enabled the attack to take place. The carrier failed to protect the personal and financial details of more than 400,000 customers, the ICO said.
The ICO added that British Airways did not detect the hack for more than two months.
Information Commissioner Elizabeth Denham said: “People entrusted their personal details to BA, and BA failed to take adequate measures to keep those details secure.
“Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result.
“That’s why we have issued BA with a £20 million fine – our biggest to date.”
MORE TO FOLLOW
“When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives.
“The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security.”
The ICO initially said July last year that British Airways could be fined more than £183 million, more than nine times the fine the airline has eventually been given.
They said it considered “representations from BA and the economic impact of Covid-19 on their business” before setting the final penalty.
MORE TO FOLLOW
Source: Read Full Article