A United Kingdom information commission has slapped British Airways with a fine of more than $25.9 million for allegedly failing to protect roughly 400,000 employees’ and customers’ personal information prior to a cyberattack in 2018, the agency recently announced.
The Information Commissioner’s Office, or ICO, said Friday that British Airways must pay 20 million British pounds, or approximately $25,986,000, after investigators determined the airline “was processing a significant amount of personal data without adequate security measures in place,” according to the announcement.
British Airways became the victim of a cyberattack in June of 2018, which compromised information belonging to an estimated 429,612 staff members and customers, but failed to detect the data breach until more than two months later, the ICO said. The compromised data included names, addresses, and credit card information.
On Monday, a British Airways spokesperson told FOX Business the company alerted its customers as soon as it became aware of the breach, but was "sorry we fell short of our customers’ expectations."
"We are pleased the ICO recognizes that we have made considerable improvements to the security of our systems since the attack and that we fully co-operated with its investigation," the spokesperson said.
The ICO found that the cyberattack could have been prevented if the airline had taken the necessary security measures regarding its customers’ data.
“People entrusted their personal details to BA and BA failed to take adequate measures to keep those details secure,” Information Commissioner Elizabeth Denham said in a statement included in Friday’s press release. “When organizations take poor decisions around people’s personal data, that can have a real impact on people’s lives.”