British Airways faces $328m fine for breaching European privacy rule

British Airways faces $328m fine for breaching European privacy rule

British Airways faces a A$328 million fine after their website was hacked last year, compromising the personal details of 500,000 customers.

The penalty is the largest imposed yet under the General Data Protection Regulation, which was implemented last year in the European Union.

The airline, which is owned by International Airlines Group (IAG), revealed last September they had been hacked and customers’ addresses, emails, names, credit card numbers, expiration and three-digit security codes were all stolen.

The UK Information Commissioner’s Office said the attacks started in June last year due to weak security, adding British Airways would have a chance to contest the fine.

“When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience.”

Alex Cruz, chairman and chief executive of British Airways, said: “We are surprised and disappointed in this initial finding from the ICO”, adding, “We have found no evidence of fraud [or] fraudulent activity on accounts linked to the theft.”

Mr Cruz also apologised to customers for any inconvenience caused.

Willie Walsh, IAG’s chief executive, said: “We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”

The General Data Protection Regulation allows regulators to fine companies up to 4% of their global turnover for data protection breaches.

The fine British Airlines faces equates to 1.5% of their 2017 annual revenue.

Balanced journalism is essential to keeping people properly informed. If you feel our coverage of this story is biased, please let us know.