BRITISH Airways faces a record $230 million fine after a website failure compromised the personal details of roughly 500,000 customers.
It would be the largest penalty yet under a tough privacy rule known as the General Data Protection Regulation, which came into force last year in the European Union (EU).
The UK Information Commissioner’s Office said weak security allowed user traffic to be diverted from the British Airways website to a fraudulent page starting in June 2018. The regulator said the company will have a chance to contest the proposed fine.
Attackers were able to harvest customer details including log ins, payment cards, and travel booking details, according to the regulator. The airline disclosed the incident in September 2018.
The 183.4 million pounds ($230 million) fine is roughly 1.5 per cent of British Airways’ annual revenue. The carrier, which is owned by IAG (ICAGY), said it would fight the penalty.
CEO Alex Cruz said in a statement: “We are surprised and disappointed in this initial finding. British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud or fraudulent activity on accounts linked to the theft.”