British Airway (BA) is threatened with record-breaking punishment after having stolen personal data of approximately half a million passengers last summer in a hacking attack of weeks.
The British Information Government Commissioner (ICO), which also has data protection responsibilities, announced on Monday that it would propose a fine of £ 183.39 million (over $ 66 billion) for a British national airline.
According to the ICO’s announcement, as part of a cyber attack a year ago, hackers have been redirected to hackers on another false website and stolen passengers’ data has been stolen.
According to the agency’s calculations, the personal data of approximately 500,000 passengers of British Airways – including names, addresses, logon codes, bank card details – could have been unauthorized.
According to ICO, this was made possible by the weakly developed cybersecurity system of BA.
Elizabeth Denham, Information Government Commissioner, stressed in his Monday announcement of the test result and the proposal for fines that personal information is not accidentally called personal, and that if an organization is unable to protect this data from damage or theft, it is not merely a discomfort for the affected.
BA announced on September 6 last year that the company’s online booking system was hacked on August 21, 23:58, Central European Time, on September 5, at 22:45, or more than two weeks.
British Airways reported at the time that the incident involved 380,000 passengers.
However, according to an ICO test report on Monday, the attack actually started in June last year and the number of affected passengers reached half a million.
In a statement issued last September, BA stressed that anyone who has suffered material damage as a result of the incident is fully compensated and British Airways also pays for the cost of its customers’ bank debt analysis.
The case is also being investigated by the British National Crime Agency (NCA) and the National Cyber Security Center (NCSC).
Alex Cruz, CEO of British Airways, announced on Monday that he had been “surprised and disappointed” with the information government commission’s fine proposal. According to Cruz, BA reacted quickly to an attempt to steal passenger data and, in its own investigation, found no evidence that anyone would be abused by the relevant user data.
The CEO announced that BA would appeal against the proposed fine.
Based on the new EU Data Protection Standards (GDPR), ICO may impose a fine of up to 4 percent of the annual revenue of the companies concerned in similar cases. The proposed fine of 183.39 million BA for BA is equivalent to one and a half percent of the annual revenue reported by the airline for the financial year 2017-2018.
The highest fines imposed by the UK Information Office so far were £ 500,000. This was set by the Authority in October for the Facebook Community Portal, after it became clear that Cambridge Analytica, a London-based UK-based political analytics and advisory firm that has been liquidated since 2016, obtained data from nearly 90 million Facebook users during the 2016 US presidential campaign. tried to create a picture of the political attitude of the targeted US voters, without their knowledge.