Business Essentials for Professionals


Record Fine Of $230 Million Fine Over Data Theft Proposed Against British Airways

Record Fine Of $230 Million Fine Over Data Theft Proposed Against British Airways
A record fine of $230 million is staring at the face of the British Airways-owner IAG over the cyber theft of data from 500,000 customers which had been kept on the company website last year. The incident was judged according to the regulations of the new data-protection rules in the United Kingdom which are implemented by the Information Commissioner's Office (ICO) of the country.
The charges brought against British Airways was poor security arrangements at the airline exposed by the cyber theft and had consequently been found guilty of the charge and hence a proposal of a fine of GBP 183.4 million or 1.5 percent of total global turnover of the British Airways for 2017 was made by the ICO.
There were indications from the BA about a contesting of the ruling for the fine which was the outcome of the implementation of the European data protection rules – known popularly as the GDPR, which was enacted and implemented since 2018. Under the new GDPR regulations, regulatory bodies within the scope of the European Union are allowed to impose fines of up to 4 per cent of the total global revenues of companies for failure in protecting consumer data.
The cyber attack that was conducted at the servers of the BA involved the diverting of the traffic to the website of the British Airways to a false website where the hackers recorded a host of customer details such as log in, payment card and travel booking details, of the users in addition to their names and addresses, the ICO said.
"People's personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That's why the law is clear – when you are entrusted with personal data you must look after it," said Information Commissioner Elizabeth Denham.
He was "surprised and disappointed" by the proposed penalty, said BA's chairman and chief executive Alex Cruz. "British Airways responded quickly to a criminal act to steal customers' data," he added. "We have found no evidence of fraud/fraudulent activity on accounts linked to the theft."
Representations to the ICO would be made by the BA about the proposed fine, said Willie Walsh, CEO of parent company IAG. "We intend to take all appropriate steps to defend the airline's position vigorously, including making any necessary appeals," he said.
The news resulted in a drop of 0.8 per cent in the stocks of IAG.
The proposed fine is equivalent to about 9 pence per IAG share, said Analyst Gerald Khoo at broker Liberum. "While IAG has more than adequate liquidity to cover the fine (Dec 2018 cash EUR 3.8 billion, total liquidity EUR 6.3 billion), the penalty is still substantial," he said.
Under the earlier rules, fines of up to 500,000 had been imposed by the ICO which was also responsible for probing BA on behalf of other European regulators. In 2018, a fine of GBP 500,000 was imposed by the ICO on Facebook for what it had said were serious breach of data protection law.

Christopher J. Mitchell

Markets | Companies | M&A | Innovation | People | Management | Lifestyle | World | Misc