British Airways is facing a record fine of £183 million, after its systems were breached by hackers last year and the personal and payment card information of around 500,000 customers were stolen.
183 million quid!? That sounds huge!
Yes, it’s the biggest fine ever handed out by the UK’s Information Commissioner’s Office (ICO).
In comparison, the ICO smacked Facebook’s wrist with a £500,000 fine over the Cambridge Analytica scandal (which amounts to less than ten minutes’ worth of revenue for the social networking giant.)
Why is British Airways being fined so heavily in comparison?
Well, it’s important to know that British Airways hasn’t been fined yet. The ICO has only published its notice of intention for the proposed fine. British Airways has the next 28 days to appeal, and the ICO says it will listen to their representations before making a final decision.
However, you’re right – there’s a great disparity between the two fines. The reason is very simple, the British Airways breach occurred after GDPR regulations came into force last year.
Under the General Data Protection Regulation, firms can now be fined up to 4% of their annual worldwide turnover or €20 million (whichever is greater). The fine proposed by the ICO against British Airways amounts to 1.5% of its global turnover in 2017.
In other words, British Airways could have been facing an even larger penalty.
So this isn’t just bad news for British Airways, it’s scary for all businesses
Sorry, but GDPR wasn’t introduced to make companies with lax security sleep easily at night. It was designed to protect the privacy of individuals, and encourage firms to treat customer data with the utmost care.
If there’s no other way to get businesses to understand the importance of properly securing the customer data (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/british-airways-faces-record-138-million-gdpr-fine-data-breach/