British Airways data breach

From Wikipedia, the free encyclopedia
  (Redirected from )

In 2018 there was a data breach that affected 380,000 to 500,000 customers of British Airways.[1][2]

Attack[]

British Airways said the attack affected bookings from 21 August 2018 and 5 September 2018 with credit card details of around 380,000 customers being compromised.[1] The attackers obtained names, street addresses, email addresses, credit card numbers, expiration dates and Card security codes - enough to allow thieves to steal from accounts.[1]

One customer of the airline reported that his card had been used to buy items by phone at Harrods while he was in Malaysia.[2] The attempt was rejected - the customer did not think his card was exposed except by this attack.[2]

Aftermath[]

British Airways urged customers to contact their banks or credit card issuer and to follow their advice.[1] NatWest said that it received more calls than usual because of the breach.[1] American Express said that customers would not need to take any action and that they would alert customers with unusual activity on their cards.[1]

Analysis[]

The Information Commissioner's Office said that the attack had begun in June 2018.[2]

Consequences for British Airways[]

British Airways was issued with a £183 million fine by the Information Commissioner's Office, which was the biggest fine issued by the office up to that date.[2] It was roughly 367 times the previous record, which was a £500,000 fine imposed on Facebook over the Cambridge Analytica scandal.[2]

The Facebook fine was the heaviest that could have been imposed at the time - a new law mirroring GDPR had been introduced between the Facebook and British Airways scandals.[2] The fine was 1.5% of the airline's worldwide turnover in 2017.[2] The maximum under the new laws would have been 4% of worldwide turnover, which would have approached £500 million.[2]

CEO and chairman Álex Cruz said the airline was "surprised and disappointed" in the ICO's finding.[2]

In October 2020 British Airways was fined £29 million by the Information Commissioner's Office, considerably smaller than the £183 million fine that the ICO originally intended.[3]

References[]

  1. ^ a b c d e f Sandle, Paul (6 September 2018). "BA apologizes after 380,000 customers hit in cyber attack". Reuters.
  2. ^ a b c d e f g h i j Cellan-Jones, Rory (8 July 2019). "British Airways faces record £183m fine for data breach". BBC News. Retrieved 20 May 2020.
  3. ^ Tidy, Joe (16 October 2020). "British Airways fined £20m over data breach". BBC News. Retrieved 16 October 2020.

See also[]

  • EasyJet hack
Retrieved from ""