Saturday, November 2, 2024
HomeSecurity UpdatesBritish Airways Facing £183.39 Million Fine Under GDPR for 2018 Data Breach

British Airways Facing £183.39 Million Fine Under GDPR for 2018 Data Breach

Published on

Malware protection

British Airways fined over £183 Million under the General Data Protection Regulation (GDPR) from the Information Commissioner’s Office (ICO) for 2018 data breach.

The cyber incidents believed to be started in June 2018 and the notice was issued in September 2018 by British Airways, meantime, the customers who made the booking through the website or mobile app were potentially affected.

During this cyber attack, the customers who have accessed the British Airways website being diverted to a fraudulent website where hackers stole the personal data of approximately 500,000 customers.

- Advertisement - SIEM as a Service

Based on the ICO investigation report, a huge data was compromised by poor security arrangements at the company and the stolen date including login, payment card, and travel booking details as well name and address information.

British Airways spokesperson told during the investigation “a third-party noticed some unusual activity and informed us about it. We immediately acted to close down the issue, and started an investigation as a matter of urgency.”

Since the General Data Protection Regulation (GDPR) applied on 25 May 2018, this new law applies to all companies that collect and process data belonging to the European Union (EU) citizens.

Read: Key Elements and Important Steps to General Data Protection Regulation (GDPR)

ICO has the capability to impose up to 4% of fine to the company global turnover. In this case, the fine was just 1.4 of British Airways 2017 turnover.

According to Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

Nik Whitfield, CEO of cybersecurity firm Panaseer said the proposed BA fine is “game-changing” for any company serving EU customers and “great news” for consumers’ privacy.

British Airways and the other regulators now have 28 days to make the decision to reduce the fine.

“British Airways has completely cooperated with the ICO investigation and has made improvements to its security arrangements since these events came to light”, the ICO said.

This case was thoroughly investigated by a lead supervisory authority on behalf of other EU Member State data protection authorities and takes its final decision.

It is worth to mention that” “On 21st January 2019, France’s data-privacy watchdog, The CNIL imposed a financial penalty of 50 Million Euros against the company GOOGLE LLC  for “lack of transparency, inadequate information and lack of valid consent regarding the ads personalization”

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Microsoft Urges Windows Admins to Patch Microsoft Message Queuing RCE Flaw

Microsoft has disclosed two Critical remote code execution vulnerabilities in MSMQ (Microsoft Message Queuing)...

Microsoft Unveild New Windows 11 Features To Strengthen Security

Microsoft has been prioritizing security in Windows, as they introduced Secured-Core PCs to protect...

NETGEAR buffer Overflow Vulnerability Let Attackers Bypass Authentication

Some router models have identified a security vulnerability that allows attackers to bypass authentication.To...