Airline Fined $229 Million for Data Breach
An airline faces a fine of more than $200 million after its customers were hit by a hacking scandal. Around 500,000 worldwide customers of British Airways were affected by the breach.
British Airways reported the breach in September last year. It doesn't appear that the hackers were able to get into BA's system and take any customer data that way. Instead, traffic to the site was hijacked.
The attack is believed to have begun last June and involved the hackers exploiting security flaws in the design of BA's site. They were able to intercept traffic to the site and redirect visitors to a bogus site that was under their control.
Data Intercepted
Once there, victims unwittingly handed over a host of valuable and sensitive data including names, addresses, details of booking, log-in details for the real BA site, and details of payment cards including credit cards.
While the full details aren't available, it appears the hackers may have been able to intercept the data while relaying it back to the real site. That meant customer bookings and payments still went through to BA, delaying the time it took for the breach to be detected.
The United Kingdom's Information Commissioner investigated the breach and found BA's failure to secure its site meant it had broken the General Data Protection Regulation (GDPR). That's a law that affects any business that operates in a European Union country or has customers in an EU country.
The Information Commissioner says it plans to fine BA £183.39 million, equivalent to US$229.59 million. The figure has shocked BA and analysts alike as the previous record fine issued by the Information Commissioner was just $500,000.
Fine Could Pay For Plane
The amount represents 1.5 percent of BA's annual revenue, so is still someway short of the maximum penalty under GDPR of four percent of annual revenue. While it appears to be coincidence, The Register notes that the fine matches the cost of a single 747-400 plane of the type widely used by BA. (Source: theregister.co.uk)
BA now has 28 days to argue against the size of the fine before it's finalized. It plans to do so and says it was surprised the fine was so high as it cooperated with the investigation. It also says there is no evidence the stolen card details were actually used, though some customers believe that's not the case. (Source: bbc.co.uk)
What's Your Opinion?
Is the size of the fine appropriate? Is it right to base fines on a company's revenue rather than impose a flat amount? Does it matter that the stolen card details weren't used?
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
ridiculous
The fine is absurdly out of proportion. Even if BA was negligent, there is no good rationalization for a fine of this magnitude.
fine
You are right about size of the fine.All that will happen is fares will go up to cover cost.
Where does the money go?
No one ever seems to have that answer.
Typical EU
This is typical for the EU
When they enforce something they want the offender (victim) to feel pain.
Fines in the EU in many cases depend on the wealth (real or perceived) of the offender. Look up some of the fines for speeding that are levied in europe.
Also look at the size of the fines they have hit Google with.
In light of the oppressive nature of the EU bureaucrats this fine is not out of line.
I also feel that Brexit has more than a little to do with the size of the fine.
Typical EU
Please note that it was a BRITISH agency that investigated and is proposing he fine, NOT the EU.
However, it may very well be that the agency's head is against the BREXIT and is using this as a means to punish the British public for voting for it.