British Airways data breach: Story of the biggest GDPR fine yet!
Recently, the Information Commissioner’s Office (ICO) issued a record fine to British Airways over last year’s massive data breach.
The fine will be a record £183 million, compared to the £500 thousand given to Facebook over the Cambridge Analytica scandal.
In this article, we’ll discuss the recent financial threat against British Airways following the theft of 500,000 user details.
British Airways data breach: What happened?
The incident took place last year, when users were taken from the British Airways site to a fake, fraudulent site built by hackers. This site allowed the details of around 500,000 customers to be harvested and used by hackers, letting them learn customer payment details and access their accounts.
However, the CEO of British Airways denied this in disbelief, stating “we found no evidence of fraud on accounts linked to the theft”. Some customers, however, feel that wasn’t the case…
While British Airways did notify the ICO the moment the breach happened, it has come to be understood that their failure to strengthen their IT security is a reason the attack occurred in the first place. Researchers found malicious code on the website around the time the attacks happened.
Let’s think back to the beginning. The highest fine under the old regulations was £500,000; this is the first time we’ve seen the impact of the new GDPR fines in full force. The new GDPR rules allow fines of up to 4% of a company’s annual turnover; for British Airways, the penalty amounts to 1.5% of their worldwide turnover in 2017.
Why is the ICO exercising its power now?
GDPR Fines: Why now?
The Information Commissioner, Elizabeth Denham, head of the UK watchdog, made her stance very clear in a recent post outlining the reasoning for fining British Airways, declaring:
“….when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
It’s been a little over a year since the General Data Protection Regulation came into force. It gives EU citizens more power over their privacy by protecting them from data breaches in a data-driven world.
While British Airways will have the right to appeal, this intention to fine such a landmark amount makes the ICO’s purpose clear. The days of small fines are gone, and if companies don’t want to face the watchdog’s fury, they’ll need to ensure their IT systems are fully secured and up to date.
Big or small: Hacker’s Delight
Personal data is a valuable commodity: personal information, passwords and credit card details are essential components for fraud in the hands of the wrong people.
It’s quite a sad sight when big companies fail in their attempts to prevent data breaches. It raises the question of what a small business can do to protect itself, especially without the budget to invest in cybersecurity.
You may think that with bigger businesses like Facebook and British Airways in the public eye, your business should be safe. Unfortunately, research shows that 43% of all data breaches occur at small businesses. This makes keeping your customer details safe of the utmost importance.
Limiting the amount of information you store will go a long way to keeping your business secure.
Do you have any non-essential documents lying around?
No matter what business you’re in, you need to protect data at all times – this could be customer details, financial documents or any records of sensitive information.
Key cards, ex-customer documents, financial records. Confidential shredding puts your mind at ease by getting rid of all the information you no longer need.
Give your business the peace of mind that it’s keeping in line with the GDPR rules and regulations when it comes to your data security.