British Airways – €22,046,000 Fine (United Kingdom, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
British Airways was fined over 22 million euros for poor security that led to a data breach affecting 500,000 customers. Hackers redirected website visitors to a fake site to steal personal details. This case shows the importance of strong cybersecurity measures.
What happened
British Airways was fined for a data breach where hackers redirected users to a fake site, compromising customer data.
Who was affected
About 500,000 British Airways customers whose personal and payment details were stolen.
What the authority found
The ICO found that British Airways failed to protect customer data due to inadequate security, violating GDPR rules.
Why this matters
This fine underscores the need for companies to invest in robust cybersecurity. It also shows that authorities will impose significant penalties for failing to protect customer data.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
In July 2019, the ICO issued a notice of its intention to fine British Airways £183.39M for GDPR infringements which likely involve a breach of Art. 32 GDPR. The proposed fine relates to a cyber incident notified to the ICO by British Airways in September 2018. This incident in part involved user traffic to the British Airways website being diverted to a fraudulent site. Through this false site, customer details were harvested by the attackers. Personal data of approximately 500,000 customers were compromised in this incident, which is believed to have begun in June 2018. The ICO’s investigation has found that a variety of information was compromised by poor security arrangements at the company, including log in, payment card, and travel booking details as well name and address information. In the meantime, the final fine imposed on the airline has been set at £20 million (approximately EUR 22,046,000). The ICO emphasized that when setting the amount of the fine, it also took into account the economic impact of the COVID-19 ('Coronavirus') pandemic on the airline industry.
Related Enforcement Actions (1)
Other enforcement actions involving British Airways in UK
Details
Fine Date
16 October 2020
Authority
Information Commissioner's Office
Fine Amount
€22,046,000
Enforcement Tracker ID
ETid-58
About this data
Cite as: Cookie Fines. British Airways - United Kingdom (2020). Retrieved from cookiefines.eu
Last updated: