British Airways has been fined £20 MN by the Information Commissioner’s Office (ICO) in a data breach scam that compromised the information of more than 400,000 customers. “A significant amount of personal data without adequate security measures in place” was being processed by the UK’s leading airliner company that eventually led to data protection law violation resulting in a cyberattack in 2018 that escaped scrutiny for approximately almost 2 months, according to the watchdog ICO.

In its official report, the ICO said that it fined BA after identifying glitches with respect to security measures, which, otherwise, would have prevented the 2018 cyberattack. The ICO investigators ultimately concluded that British Airway’s failure to safeguard customers' personal and sensitive information violated data protection law and deserve a penalty.

ICO investigators found that British Airways ought to have identified weaknesses in its security and resolved them with security measures that were available at the time.

Information Commissioner Elizabeth Denham said: “Their failure to act was unacceptable and affected hundreds of thousands of people, which may have caused some anxiety and distress as a result. That’s why we have issued BA with a £20m fine – our biggest to date.

For details on the full investigation, click here.