BRITISH AIRWAYS (BA) has been slapped with a record-breaking £183m GDPR fine following the 2018 mega-breach that saw hackers take off with customers' data.
The Information Commissioner's Office (ICO) said on Monday that, following an "extensive investigation" into the incident, it has decided to whack the airline with a hefty £183.4m penalty, representing 1.5 per cent of BA's worldwide revenue in 2017.
While less than the maximum GDPR fine of four per cent, this is the biggest penalty handed out under the new regulations to date; previously the largest was the £500,000 penalty imposed on Facebook for its role in the Cambridge Analytica privacy scandal.
The ICO noted that its investigation found that the personal data of approximately 500,000 BA ustomers was compromised in the mega-breach, due to "poor security arrangements" at the company. This data included names and addresses, log-in details, travel booking info and payment card details - including the number, expiry date and three-digit security code.
Information Commissioner Elizabeth Denham said: "People's personal data is just that - personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience.
"That's why the law is clear - when you are entrusted with personal data you must look after it.
"Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."
BA CEO and chairman Alex Cruz said the airline was "surprised and disappointed" the ICO's decision, sobbing: "British Airways responded quickly to a criminal act to steal customers' data.
"We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused."
Willie Walsh, CEO of BA's parent company International Airlines Group, added: "British Airways will be making representations to the ICO in relation to the proposed fine.
"We intend to take all appropriate steps to defend the airline's position vigorously, including making any necessary appeals."
Bad for shareholders, mildly good for the planet
YouTube on the Tube
Claims that it hasn't ever actually worked