ICO fines British Airways £20M over customer data breach


The Information Commissioner's Office (ICO) has fined British Airways £20 million for a data breach that affected over 400,000 customers.

The ICO fine was for a 2018 breach that affected both personal and credit card data of British Airways customers. The £20 million fine is significantly lower than the £183 million the ICO originally proposed in 2019.


According to the ICO, the fine was smaller because "the economic impact of Covid-19" had been taken into account. Despite the significant decrease in the amount, it is still the largest penalty issued by the ICO to date.

What happened in 2018?

In 2018, attackers compromised British Airways' systems and then modified them to gather customers' details as they were entered. The attack lasted for two months before a security researcher reported it to the airline and the airline notified the ICO.

Among the information taken by the hackers were login, payment card and travel booking details, as well as name and address information. Investigators found that the carrier had failed to put sufficient security measures in place, such as multi-factor authentication.


This was despite the availability of some of these measures on the Microsoft operating system that British Airways was using at the time.

Information Commissioner Elizabeth Denham said: "When organizations take poor decisions around people's personal data, that can have a real impact on people's lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security."

According to the airline, it alerted clients as soon as it became aware of the attack on its systems.


What British Airways says about the fine

A spokesman for the company stated: "We are pleased the ICO recognizes that we have made considerable improvements to the security of our systems since the attack and that we fully co-operated with its investigation."

BA data protection officer Carl Gottlieb pointed out that in the current business climate, £20 million was a "massive" fine. He added: "It shows the ICO means business and is not letting struggling companies off the hook for their data protection failures."

Recent challenges faced by the airline

The UK flag carrier announced in July that it will be retiring all of its Boeing 747 aircraft amidst the dramatic decline in travel due to the coronavirus pandemic.

The British airline is the world's largest operator of the 747 jumbo jet, with 31 aircraft in its fleet.

A spokesman for the airline said: "It is with great sadness that we can confirm we are proposing to retire our entire 747 fleet with immediate effect."

"It is unlikely our magnificent ‘queen of the skies’ will ever operate commercial services for British Airways again due to the downturn in travel caused by the Covid-19 global pandemic," the spokesman continued.

The International Airlines Group (IAG)-owned carrier said the planes, which comprise around 10% of its entire fleet, will all be retired with immediate effect.

Later that month, IAG, which owns both British Airways and Iberia, announced that it will raise up to €2.75 billion from shareholders, including Qatar Airways, to help alleviate the effect of the coronavirus pandemic on the airline industry.

The funds to be raised by IAG will be used to pay down debt and increase the amount of cash it holds, in preparation for several years of slow demand.