BA fined £183M over computer theft of passenger data

LONDON (AFP) – The United Kingdom’s (UK) data privacy watchdog has fined British Airways more than £183 million after computer hackers last year stole bank details from hundreds of thousands of passengers, the pair said yesterday.

The UK Information Commissioner’s Office (ICO) said it had issued a notice of its intention to fine BA £183.39 million (USD229.7 million, EUR205 million) for infringements of EU data protection rules, or GDPR.

“People’s personal data is just that – personal,” Information Commissioner Elizabeth Denham said in a statement.

“When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it,” she added.

In a separate statement, BA’s parent group IAG said the fine was equivalent to 1.5 per cent of British Airways’ turnover in 2017. Companies can be fined up to four percent of annual global turnover for breaching EU data protection rules.

The fine is equivalent to more than seven per cent of IAG’s net profit last year.

IAG Chief Executive Willie Walsh said it would consider appealing the penalty as it seeks “to take all appropriate steps to defend the airline’s position vigorously”.

BA’s CEO Alex Cruz said the airline was “surprised and disappointed” by the punishment.

“British Airways responded quickly to a criminal act to steal customers’ data,” he said in the statement. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused,” Cruz added.