Ask Alex Salmond: Crown has questions to answer about SNP CEO Peter Murrell’s « poorly worded » messages – Kenny MacAskill
British Airways faces a £ 20million fine for not detecting a hack for more than two months, meaning details of more than 400,000 people have been exposed
Investigators found the airline should have identified the security flaws that allowed the attack, according to the Information Commissioner’s office
Information Commissioner Elizabeth Denham said: « People have entrusted their personal data to BA, and BA has not taken adequate steps to protect this information
« Their inability to act was unacceptable and affected hundreds of thousands of people, which may have caused anxiety and distress as a result
« That is why we have fined BA £ 20million – our largest to date
« When organizations make bad decisions about people’s personal data, it can have a real impact on people’s lives
« The law now gives us the tools to encourage businesses to make better data decisions, including investing in up-to-date security »
The ICO announced in July last year that British Airways could face a fine of over £ 183million
The ICO said it took into account « BA’s representations and the economic impact of Covid-19 on their activities » before setting the final sanction
A spokesperson for British Airways said: « We alerted customers as soon as we learned of the criminal attack on our systems in 2018 and are sorry we did not meet our customers’ expectations
« We are pleased that the ICO recognizes that we have significantly improved the security of our systems since the attack and that we have fully cooperated with its investigation »
The attacker would have potentially accessed the personal data of approximately 429,612 customers and employees
This included the names, addresses, payment card numbers and three digits on the backs of cards for 77,000 customers, and card numbers for 108,000 customers only
Usernames and passwords for British Airways employee and administrator accounts, as well as usernames and PINs for up to 612 airline Executive Club accounts, were also potentially consulted
British Airways data breach, International Airlines Group, Information Commissioner’s Office
World news – GB – British Airways fined £ 20million for failing to protect the personal data of hundreds of thousands of customers