Record fine for inadequate IT security measures
The British Information Commissioner’s Office intends to impose a fine of almost 250 million euros on British Airways. This was triggered by a hacker attack, as a result of which personal data of around 500,000 customers became accessible to third parties without authorization. During its investigations, the supervisory authority found inadequate IT security measures, which allowed access to credit card data, travel data, and login data, among other things. The fine is the equivalent of 1.5% of British Airways’ annual revenue from 2017. British Airways intends to fight the fine with all means at its disposal. The opinion of the supervisory authority can be found here.
British Airways is also facing various claims for damages from those affected. Consumer advocates are planning a class action lawsuit and expect damages of about £5,000 per affected person.