British Airways faces a £183-million ($303-million Cdn) fine over a breach that compromised information on half a million customers — the biggest penalty to date under new, tougher British regulations, and one likely to be seen as a test case for companies that fail to secure big data caches.
Britain's Information Commissioner proposed the fine on Monday, months after BA revealed it had been the victim of a hack. The scam saw customers diverted to a fake website where credit card details were harvested by the attackers.
"People's personal data is just that — personal. When an organization fails to protect it from loss, damage or theft, it is more than an inconvenience," Information Commissioner Elizabeth Denham said. "That's why the law is clear — when you are entrusted with personal data, you must look after it."
Fine is 1.5% of revenue
The regulator said the proposed fine — equivalent to 1.5 per cent of the airline's annual revenue — is the biggest it has ever imposed. It comes about a year after European Union member states began implementing the most sweeping change in data protection rules in a generation.
The General Data Protection Regulation (GDPR) is designed to make it easier for EU residents to give and withdraw permission for companies to use personal information — but also forces companies that hold data to be accountable for looking after it. Authorities can fine companies up to four per cent of annual revenue, or €20 million ($29 million), whichever is higher, for breaching the rules.
This is the message: Get your information security house in order.- Emily Taylor, cybersecurity expert
The Information Commissioner's Office says its investigation of BA found "poor security arrangements" compromised login, payment card and travel booking details, as well as name and address information.
Support the originator by clicking the read the rest link below.
