British Airways: July did not turn out to be a great month for British Airways as they have faced a record $230 million fine from EU courts after a website failure led the customer’s details leaked out and effected 0.5 million customers details. It would be the largest penalty yet under a tough privacy rule known as the General Data Protection Regulation, which came into force last year in the European Union.
The UK ICO said that weak security allowed user traffic to be diverted from the British Airways website to a fraudulent page starting in June 2018. The regulator said the company will have a chance to contest the proposed fine with a certain framework.
Attackers were able to access logins, passwords, card details, travel book details and other personal details which were devastating for customers Facebook investigated in Ireland over mishandled passwords. It was disclosed by Airways in September 2018 and went under trial in EU court and after scrutiny, British Airways found guilty and fined.
The £183.4 million ($230 million) fine is roughly 1.5% of British Airways’ annual revenue. The carrier, which is owned by IAG (ICAGY), said it would fight the penalty.
“We are surprised and disappointed in this initial finding,” British Airways CEO Alex Cruz said in a statement.
“British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud [or] fraudulent activity on accounts linked to the theft,” he added. GDPR forces companies to make sure the way they collect, process and store data is safe. Any organization that holds or uses data on people inside the European Union is subject to the rules, regardless of where it is based. Companies that breach the law can be fined up to 4% of their annual revenue.