British Airways faces 20 million EUR GDPR fine after a data breach
The ICO, the UK data protection authority, fines British Airways a record 20 million EUR (GBP 183 million) over last year's data breach.
A criminal group named Magecart injected JavaScript into the BA website checkout to capture personal data. Magecart illegally received data from August 21st 2018 to September 5th 2018.
They stole data from about 500,000 users, including:
- login information
- credit card data
- travel booking details
- names
- addresses
After announcing the fine, the Information Commissioner Elizabeth Denham said that the loss of personal data “is more than an inconvenience”.
Earlier, a fine of 200 million GBP was considered. The fine for BA would amount to 1.5% of its 2017 revenue.
British Airways has 28 days to appeal the ruling before it is made final.
Update
The fine was lowered by the data protection authority. Instead of 200 million euro, the company has to pay “only” 22.5 million euro.
Source: https://ico.org.uk/action-weve-taken/enforcement/british-airways/
Decision date:
16.10.2020
Country:
United Kingdom
Type of violation:
Theft of Data
Affected records:
500000
Was sensitive data affected?:
Yes
Fine imposed:
€ 22,428,000,-
Violation of GDPR Paragraph:
32. Security of processing
Source:
ICO