Security News

British Airways Fined a Record £183 million for Data Breach

British Airways is set to be fined £183 million (US$229 million) after a data breach which saw the details of 500,000 customers compromised.

BA went public about the attack in September 2018 and described it as a "sophisticated, malicious criminal attack" on its website. The breached customer information included name and address, payment card, login and travel booking details, and were gleaned when hackers diverted users of the BA website to a fake website over several months (the incident is believed to have started in June 2018).

The fine, handed down by the Information Commissioner's Office (ICO), is the biggest ever by the ICO and the Information Commissioner, Elizabeth Denham, wasn't impressed.

"People's personal data is just that - personal," she said. "When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience. That's why the law is clear - when you are entrusted with personal data, you must look after it. Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."

British Airways has said they will be making representations to the ICO. They have 28 days to appeal.

Receive a weekly security report

Join 430 others receiving a free weekly report with a round-up of vulnerabilities and security news customized to your software stack. See an example email

Earlier: