British Airways has been fined a massive £183.39 million by the Information Commissioner's Office (ICO) in the UK for the 2018 data breach.
The breach saw data stolen from hundreds of thousands of the company’s customers, when traffic from the BA website was redirected to fraudulent websites.
The proposed fine relates to a cyber incident notified to the ICO by British Airways in September 2018. This incident in part involved user traffic to the British Airways website being diverted to a fraudulent site. Through this false site, customer details were harvested by the attackers. Personal data of approximately 500,000 customers were compromised in this incident, which is believed to have begun in June 2018.
The ICO’s investigation has found that a variety of information was compromised by poor security arrangements at the company, including login, payment card, and travel booking details, as well as name and address information.
Details of the Data Breach
The data breach that affected British Airways was a sophisticated attack that exploited vulnerabilities in the airline’s website. The attackers managed to divert user traffic to a fraudulent site that mimicked the official British Airways website. This fake site was used to harvest sensitive customer information, including login credentials, payment card details, and personal identification information such as names and addresses. The breach is believed to have started in June 2018 and continued unnoticed for several months, affecting approximately 500,000 customers.
The attackers used a technique known as “skimming,” where malicious code is injected into the website to capture data entered by users. This type of attack is particularly insidious because it can be difficult to detect and can compromise a large amount of data before being discovered. The stolen data included not only payment card information but also details of travel bookings, which could potentially be used for further fraudulent activities.
Impact and Response
The impact of the data breach on British Airways was significant, both in terms of financial penalties and reputational damage. The £183.39 million fine imposed by the ICO is one of the largest ever issued under the General Data Protection Regulation (GDPR), highlighting the severity of the breach and the importance of robust cybersecurity measures.
In response to the breach, British Airways took several steps to improve its security posture. The company implemented enhanced security measures, including more rigorous monitoring of its systems, improved encryption protocols, and additional training for staff on cybersecurity best practices. British Airways also offered compensation to affected customers and set up a dedicated helpline to assist those who had been impacted by the breach.
The ICO’s investigation revealed that the breach could have been prevented if British Airways had implemented more effective security measures. The company was found to have inadequate security arrangements, which allowed the attackers to exploit vulnerabilities in the website. The ICO’s ruling serves as a reminder to all organizations of the importance of maintaining strong cybersecurity defenses and regularly reviewing and updating security protocols.
You can find out more about this new ruling on the ICO's website at the link below.
Source: ICO