Tag: British Airways
7. July 2021
Back in 2018 British Airways was hit by a data breach affecting up to 500 000 data subjects – customers as well as British Airways staff.
Following the breach the UK’s Information Commissioners Office (ICO) has fined British Airways firstly in 2019 with a record fine of £183.000.000 (€ 205.000.000), due to the severe consequences of the breach. As reported beside inter alia e-mail addresses of the concerned data subjects also credit card information have been accessed by the hackers.
The initial record fine has been reduced by the ICO in 2020 after British Airways appealed against it. The ICO announced the final sanction in October 2020 – £20.000.000 (€ 22.000.000). Reason for the reduction has been inter alia the current COVID-19 situation and it’s consequences for the Aviation industry.
Most recently it has been published that British Airways also came to a settlement in a UK breach class action with up to 16 000 claimants. The details of the settlement have been kept confidential, so that the settlement sum is not known, but the law firm, PGMBM, representing the claimants, as well as British Airways announced the settlement on July 6th.
PGMBM further explains, that the fine of the ICO “did not provide redress to those affected”, but that “the settlement now addresses” the consequences for the data subjects, as reported by the BBC.
9. November 2020
The Information Commissioner’s Office (ICO) fines Marriott International Inc. (Marriott) £18.400.00 (€20.397.504).
The fine refers to a data breach which occurred in 2018. Back then the world’s largest hotel company based in the USA suffered a massive data breach affecting up to 383 million customers. For Marriott it is still not possible to state the exact number of people affected.
The ICO considers it proven that Marriott failed keeping customers’ personal data secure. In context of the breach confidential data like name, address and contact data as well as unencrypted passport and credit card data has been unauthorized accessed.
In a previous statement in 2019 the ICO announced, that it intends to fine Marriott with a fine of £99.200.396 (€109.969.591) this fine has now been reduced.
The reduction is based on the following reasons: the ICO considered the presentations from Marriott as well as the taken steps by Marriott as well as the consequences of the COVID-19 pandemic.
In October, the fine previously issued by the ICO against British Airways was also reduced, again partly because of the consequences of the COVID-19 pandemic.
Since the data breach occurred before the UK left the EU, the ICO investigated on behalf of all European Data Protection Authorities as lead Supervisory Authority and the fine has been approved by all other Authorities.
20. October 2020
In 2018 British Airways (BA) had to announce that they suffered a massive data breach. The data breach referred to the online booking tool. Login data and credit card data as well as travel data and address data were accessed illegaly. Affected were more than 400.000 customers.
Back in 2019 the UK’s Information Commissioners Office (ICO) evaluated the breach and stated that weak security precautions enabled the hakers to access the data. Thus, the ICO fined BA as a consequence of the breach a record fine of £183.000.000 (€ 205.000.000).
BA appealed against the fine and now – in 2020 – the ICO announced a reduced fine.
On October 16th, 2020, the ICO announced the final sanction for BA. The initial fine of £183.000.000 (€ 205.000.000) has been reduced to a total fine of £20.000.000 (€ 22.000.000). Reason for the reduction is inter alia the current COVID-19 situation and it’s consequences for the Aviation industry.
The notification from the authority states in this context:
As part of the regulatory process the ICO considered both representations from BA and the economic impact of COVID-19 on their business before setting a final penalty.