UK: ICO announces intention to fine British Airways £183.39M for data breach
The Information Commissioner's Office ('ICO') announced, on 8 July 2019, its intention to issue a £183.39 million fine to British Airways Plc under the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), following its investigation into a data breach involving the personal data of approximately 500,000 customers. In particular, the ICO noted that the data breach involved user traffic to the British Airways website being diverted to a fraudulent website, which allowed access to customers' personal information, including, names, addresses, login, payment card and travel booking details.
In addition, the ICO outlined that British Airways had cooperated during the investigation and had made improvements to its security arrangements. Finally, the ICO highlighted that British Airways will now have the opportunity to make representations on the suggested results and sanctions, after which the ICO will make a final decision.
You can read the press release here.