British Airways Fined £183m over Passenger Data Breach

The ICO says personal data of 500,000 customers was stolen as users of British Airways’ website and app were diverted to a fraudulent site where their customers details were harvested by the hackers. This included customer details such as log in, payment card and travel booking details as well as names and addresses.

The ICO said in a statement that it had found that the information was compromised by poor security arrangements on BA’s part. The ICO added that British Airways had co-operated with the investigation and had since made improvements to its security arrangements.

The fine is the biggest penalty handed out by the Information Commissioner’s Office (ICO).

BA has 28 days to appeal. Willie Walsh, chief executive of IAG, said British Airways would be making representations to the ICO.

“We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals,” he said.

Alex Cruz, British Airways’ chairman and chief executive, said the airline was “surprised and disappointed” in the ICO’s initial finding.

“British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft.

“We apologise to our customers for any inconvenience this event caused.”