British Airways slapped with $25.9M fine in UK for 2018 cyberattack affecting 400,000+

British Airways allegedly neglected to detect the cyber attack until more than two months after initial breach

A United Kingdom information commission has slapped British Airways with a fine of more than $25.9 million for allegedly failing to protect roughly 400,000 employees’ and customers’ personal information prior to a cyberattack in 2018, the agency recently announced.

Continue Reading Below

The Information Commissioner’s Office, or ICO, said Friday that British Airways must pay up 20 million British pounds, or approximately $25,986,000 after investigators determined the airline “was processing a significant amount of personal data without adequate security measures in place,” according to the announcement.

TickerSecurityLastChangeChange %
BAYn.a.n.a.n.a.n.a.

When it became the victim of a cyberattack in June of 2018 – which compromised the information belonging to an estimated 429,612 staff members and customers – British Airways neglected to detect the data breach until more than two months later, the ICO said. The compromised data included names, addresses, and credit card information.

TWITTER HACKERS TRICK EMPLOYEES BY POSING AS IT WORKERS, NY PROBE FINDS

On Monday, a British Airways spokesperson told FOX Business the company alerted its customers as soon as it became aware of the breach, but was "sorry we fell short of our customers’ expectations."

A British Airways Boeing 747 jumbo jet taking off from Los Angeles International Airport in 2010. (iStock)

HEALTH INSURER ANTHEM TO PAY NEARLY $40M TO SETTLE 2015 CYBERATTACK

"We are pleased the ICO recognizes that we have made considerable improvements to the security of our systems since the attack and that we fully co-operated with its investigation," the spokesperson said.

The ICO found that the cyberattack could have been prevented if the airline had taken the necessary security measures regarding its customers’ data.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

“People entrusted their personal details to BA and BA failed to take adequate measures to keep those details secure,” Information Commissioner Elizabeth Denham said in a statement included in Friday’s press release. “When organizations take poor decisions around people’s personal data, that can have a real impact on people’s lives.”

CLICK HERE TO READ MORE ON FOX BUSINESS