1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites
Cars and Transportation

British Airways fined for data breach

July 8, 2019

The UK's Information Commissioner's Office has slapped British Airways with a massive fine over a data breach that saw customer credit card data get stolen. It is the largest fine the office has ever handed out.

https://p.dw.com/p/3LjJH
British Airways planes
Image: picture-alliance/AP Photo/F. Augstein

British Airways has been fined 183.4 million pounds ($230 million, €205 million) by the United Kingdom's Information Commissioner's Office (ICO) after computer hackers stole customer data last year, according to its parent company, International Airlines Group (IAG).

IAG said in a statement on Monday that the ICO intended to issue the penalty, which equated to 1.5% of its worldwide turnover for 2017, under the UK Data Protection Act.

The ICO said the penalty was the biggest it had ever handed out and the fine was the first to be made public under new rules.

British Airways revealed in September 2018 that computer hackers had carried out a "sophisticated, malicious criminal attack" on the airline's website and app, and obtained the credit card details of some 380,000 customers. 

The airline promised to "fully reimburse" affected customers and took out full-page advertisements in British newspapers to apologize for the cyberattack.

IAG's other four airlines — Aer Lingus, Iberia, Level and Vueling — were not affected by the hack.

'Surprised and disappointed'

Willie Walsh, IAG's chief executive, said on Monday that British Airways would be making representations to the ICO in relation to the proposed fine. 

"We intend to take all appropriate steps to defend the airline's position vigorously, including making any necessary appeals," Walsh said. 

Alex Cruz, the chairman and CEO of British Airways, said he was "surprised and disappointed in this initial finding from the ICO."

"British Airways responded quickly to a criminal act to steal customers' data. We found no evidence of fraud/fraudulent activities on accounts linked to the theft."

Hacking airlines

Airlines have become frequent targets for cyberattacks in recent years, due to their hyperconnected service models, which allow passengers to easily book and pay for flights.

Passengers also have to include passport data and credit card information when booking a flight online.

There were about 1,000 cyberattacks per month reported by airlines in 2016, according to figures released by the European Aviation Safety Agency.

dv/rc (AFP, Reuters)

DW sends out a daily selection of hard news and quality feature journalism. Sign up here.