Security & Fraud

UK Watchdog Hits British Airways With $25.8M Fine Over Data Breach

UK, british airways, data breach, cyberattack, personal data

British Airways (BA) must pay a $25.8 million fine for lacking the proper security measures that might have prevented a hacker in 2018 from exposing the financial details of more than 400,000 customers, the U.K.'s Information Commissioner’s Office (ICO) said on Friday (Oct. 16).

“People entrusted their personal details to BA and BA failed to take adequate measures to keep those details secure,” said Information Commissioner Elizabeth Denham. “Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result.”

The ICO’s investigation revealed that the airline broke data protection laws by lacking sufficient security measures when processing customers’ personal information.

The cyberattack went unnoticed for over two months and was ultimately brought to the airline’s attention by a third party, TechCrunch reported.

"We alerted customers as soon as we became aware of the criminal attack on our systems in 2018, and are sorry we fell short of our customers’ expectations," a BA spokesperson told TechCrunch. "We are pleased the ICO recognizes that we have made considerable improvements to the security of our systems since the attack and that we fully cooperated with its investigation."

Although $25.8 million is the largest fine handed down to date by the ICO, the BA attack is also one of the U.K.’s biggest data breaches. The agency was originally poised to hit the country’s largest airline with a $236.5 million fine, which represented a percentage of BA’s 2018 income, but the watchdog also took into consideration the devastating financial effects of the pandemic and its especially big impact on airlines.

The data breach involved customers’ names, addresses, payment cards and CVV numbers, as well as usernames and passwords of BA employee and administrator accounts. Additionally, 612 BA Executive Club usernames and PINs were accessed.

BA is one of the many airlines struggling to survive after worldwide travel bans were triggered by the pandemic more than seven months ago. The company announced in April that it was laying off 42,000 people, around 30 percent of its workforce. 



New forms of alternative credit and point-of-sale (POS) lending options like ‘buy now, pay later’ (BNPL) leverage the growing influence of payments choice on customer loyalty. Nearly 60 percent of consumers say such digital options now influence where and how they shop—especially touchless payments and robust, well-crafted ecommerce checkouts—so, merchants have a clear mandate: understand what has changed and adjust accordingly. Join PYMNTS CEO Karen Webster together with PayPal’s Greg Lisiewski, BigCommerce’s Mark Rosales, and Adore Me’s Camille Kress as they spotlight key findings from the new PYMNTS-PayPal study, “How We Shop” and map out faster, better pathways to a stronger recovery.