Britain’s data protection watchdog announced on Friday, it has been fined British Airways £20 million pounds, for failing to protect data over 400,000 customers in 2018.
According to UK's Information Commissioner’s Office (ICO), after following an investigation spanning almost two years, the ICO concluded that British Airways did not have sufficient security measures in place to process significant amounts of personal data.
Moreover, the attackers is believed to have accessed the names, addresses, payment card numbers and CVV numbers of 244,000 British Airways customers.
Also, the investigators found BA should have identified weaknesses in its security and resolved them with measures available at the time, which would have prevented the data breach, ICO reported.
The information commissioner, Elizabeth Denham, said BA failed to take adequate measures to keep customers’ personal details secure.
Denham explained, that British Airways failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result. That’s why we have issued BA with a £20m fine our biggest to date.
"When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives," Denham added.
In contrast, British Airways spokesman reported, that the firm alerted customers as soon as it became aware of the criminal attack on their systems in 2018.